CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16217

The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.072

EPSS Ranking 91.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://www.sit.fraunhofer.de/de/securitytestlab/
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271
https://www.sit.fraunhofer.de/de/securitytestlab/
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271

Products affected by CVE-2018-16217

Yealink » Ultra-Elegant Ip Phone Sip-T41p » Version: N/A

cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-
Yealink » Ultra-Elegant Ip Phone Sip-T41p Firmware » Version: 66.83.0.35

cpe:2.3:o:yealink:ultra-elegant_ip_phone_sip-t41p_firmware:66.83.0.35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16217

Products

Pricing

Contact Us