Описание
A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.
Ссылки
- Third Party Advisory
- ExploitMitigationThird Party Advisory
- Third Party Advisory
- ExploitMitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:yealink:ultra-elegant_ip_phone_sip-t41p_firmware:66.83.0.35:*:*:*:*:*:*:*
cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00597
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.
EPSS
Процентиль: 69%
0.00597
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352