CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-28442

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.6%

CVSS Severity

CVSS v3 Score 7.5

References

https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
https://www.yealink.com/en/product-detail/ip-phone-vp59
https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
https://www.yealink.com/en/product-detail/ip-phone-vp59

Products affected by CVE-2024-28442

Yealink » Vp59 » Version: N/A

cpe:2.3:h:yealink:vp59:-
Yealink » Vp59 Firmware » Version: 91.15.0.118

cpe:2.3:o:yealink:vp59_firmware:91.15.0.118

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-28442

Products

Pricing

Contact Us