3 matches found
CVE-2019-14656
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account with a password of user can make admin requests via HTTP...
CVE-2019-14656
creationtimestamp| type| source ---|---|--- 2025-01-24 10:04:21+00:00| exploited| https://www.exploit-db.com/exploits/23572 2025-01-24 10:09:15+00:00| confirmed| https://www.yealink.com/en/trust-center/security-advisories/cve-2019-14656-yealink-phone-privilege-escalation-vulnerabilities 2025-01-2...
CVE-2019-14656
Summary: CVE-2019-14656 affects Yealink phones through 2019-08-04. The issue stems from inadequate role checks in POST requests, enabling the default User account (password: user) to issue admin requests over HTTP. It has high impact per CVSS metrics (network access, low privileges required, UI/N...