Filtered by vendor Yeahlink
Subscriptions
Filtered by product T49g
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 8.8 High |
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | ||||
CVE-2019-14656 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2024-11-21 | 8.8 High |
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP. |
Page 1 of 1.