Vulnerability Details CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.7%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 7.7
References
- https://www.sit.fraunhofer.de/de/securitytestlab/
- https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271
- https://www.sit.fraunhofer.de/de/securitytestlab/
- https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271
Products affected by CVE-2018-16221
-
cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-
-
cpe:2.3:o:yealink:ultra-elegant_ip_phone_sip-t41p_firmware:66.83.0.35