CVE-2024-28442

Опубликовано: 26 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.

Ссылки

https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
Exploit
Permissions Required
Third Party Advisory
https://www.yealink.com/en/product-detail/ip-phone-vp59
Product
https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
Exploit
Permissions Required
Third Party Advisory
https://www.yealink.com/en/product-detail/ip-phone-vp59
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:yealink:vp59_firmware:91.15.0.118:*:*:*:*:*:*:*

cpe:2.3:h:yealink:vp59:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00249

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-56rx-5jgh-c8q2