Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ultra-Elegant Ip Phone Sip-T41P Firmware Security Vulnerabilities

cve
cve

CVE-2018-16217

The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.

8.8CVSS

8.7AI Score

0.002EPSS

2019-05-29 06:29 PM
87
cve
cve

CVE-2018-16218

A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

8.8CVSS

8.7AI Score

0.01EPSS

2019-05-29 06:29 PM
80
cve
cve

CVE-2018-16221

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relativ...

8CVSS

7.5AI Score

0.001EPSS

2019-05-29 06:29 PM
84