Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.7
CVSSv2

CVE-2018-16221

Published: 29/05/2019 Updated: 30/05/2019
CVSS v2 Base Score: 7.7 | Impact Score: 10 | Exploitability Score: 5.1
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 685
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Ultra-elegant Ip Phone Sip-t41p Firmware

Vulnerability Summary

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote malicious user to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

yealink ultra-elegant_ip_phone_sip-t41p_firmware 66.83.0.35

References

CWE-22https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271https://www.sit.fraunhofer.de/de/securitytestlab/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook