Note: This project will be discontinued after December 13, 2021.
Product: T58v_firmware (Yealink)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-10-08 | CVE-2019-14657 | Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | T49g_firmware, T58v_firmware, Vp59_firmware | N/A | | |
2019-10-08 | CVE-2019-14656 | Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. | T49g_firmware, T58v_firmware, Vp59_firmware | N/A | | |