Описание
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2019-08-04 (включая)
Одновременно
cpe:2.3:o:yeahlink:vp59_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yeahlink:vp59:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 2019-08-04 (включая)
Одновременно
cpe:2.3:o:yeahlink:t49g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yeahlink:t49g:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 2019-08-04 (включая)
Одновременно
cpe:2.3:o:yeahlink:t58v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yeahlink:t58v:-:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01826
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
EPSS
Процентиль: 83%
0.01826
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-22