Search
Search Results (33 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3427 | 1 Yealink | 1 Voip Phone Firmware | 2025-04-12 | N/A |
| CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet. | ||||
| CVE-2014-3428 | 1 Yealink | 2 Voip Phone, Voip Phone Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. | ||||
| CVE-2013-5755 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2013-5757 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | ||||
| CVE-2013-5758 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | ||||
| CVE-2024-48353 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2025-03-07 | 7.5 High |
| Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. | ||||
| CVE-2023-43959 | 1 Yealink | 2 Sip-t19p-e2, Sip-t19p-e2 Firmware | 2024-11-21 | 8.8 High |
| An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. | ||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2024-11-21 | 9.1 Critical |
| Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | ||||
| CVE-2018-16221 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-11-21 | N/A |
| The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). | ||||
| CVE-2018-16218 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-11-21 | N/A |
| A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. | ||||
| CVE-2018-16217 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-11-21 | N/A |
| The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. | ||||
| CVE-2024-48352 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2024-11-05 | 7.5 High |
| Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. | ||||
| CVE-2024-33109 | 2 Ergophone, Yealink | 4 Tiptel Ip 286, Tiptel Ip 286 Firmware, Sip-t28p and 1 more | 2024-09-25 | 9.9 Critical |
| Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | ||||