Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

T49g Firmware Security Vulnerabilities

cve
cve

CVE-2019-14656

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via...

8.8CVSS

7.5AI Score

0.002EPSS

2019-10-08 01:15 PM
28
cve
cve

CVE-2019-14657

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and...

8.8CVSS

8.6AI Score

0.002EPSS

2019-10-08 01:15 PM
21