2 matches found
CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 does not validate escape the path information path traversal, which allows an authenticated remote attacker to get access to privileged information e.g., /etc/passwd via path traversal relative path...
CVE-2018-16221
The CVE-2018-16221 affects the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35). The diagnostics web interface does not validate/escape path information, enabling path traversal via the file parameter of a POST request. This authenticated attacker can access privileged files (e.g., ...