Vulnerabilites related to yeahlink - vp59_firmware
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cerebusforensics.com/yealink/exploit.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://sway.office.com/3pCb559LYVuT0eig | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cerebusforensics.com/yealink/exploit.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sway.office.com/3pCb559LYVuT0eig | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yeahlink | vp59_firmware | * | |
| yeahlink | vp59 | - | |
| yeahlink | t49g_firmware | * | |
| yeahlink | t49g | - | |
| yeahlink | t58v_firmware | * | |
| yeahlink | t58v | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeahlink:vp59_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A416A5F5-E7E8-4D54-8BD7-F9DACC7D2AB9",
"versionEndIncluding": "2019-08-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeahlink:vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2009943-3A1D-4129-A5D8-5F942D760537",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeahlink:t49g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFE86FC-8AEA-4A0B-9D4A-1470DDABFDA2",
"versionEndIncluding": "2019-08-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeahlink:t49g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30F986B-FB81-4D5A-BC12-479C473E0508",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeahlink:t58v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC06E8A-65CE-4E77-B427-966EF5FFFE08",
"versionEndIncluding": "2019-08-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeahlink:t58v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A7C6A9-D47D-402B-8C85-C403A593CF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos Yealink hasta el 04-08-2019, no comprueban apropiadamente los roles de los usuarios en las peticiones POST. En consecuencia, la cuenta User predeterminada (con una contrase\u00f1a de usuario) puede realizar peticiones de administrador por medio de HTTP."
}
],
"id": "CVE-2019-14656",
"lastModified": "2024-11-21T04:27:05.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-08T13:15:15.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cerebusforensics.com/yealink/exploit.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://sway.office.com/3pCb559LYVuT0eig | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cerebusforensics.com/yealink/exploit.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sway.office.com/3pCb559LYVuT0eig | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yeahlink | vp59_firmware | * | |
| yeahlink | vp59 | - | |
| yeahlink | t49g_firmware | * | |
| yeahlink | t49g | - | |
| yeahlink | t58v_firmware | * | |
| yeahlink | t58v | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeahlink:vp59_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A416A5F5-E7E8-4D54-8BD7-F9DACC7D2AB9",
"versionEndIncluding": "2019-08-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeahlink:vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2009943-3A1D-4129-A5D8-5F942D760537",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeahlink:t49g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFE86FC-8AEA-4A0B-9D4A-1470DDABFDA2",
"versionEndIncluding": "2019-08-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeahlink:t49g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30F986B-FB81-4D5A-BC12-479C473E0508",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeahlink:t58v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC06E8A-65CE-4E77-B427-966EF5FFFE08",
"versionEndIncluding": "2019-08-04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeahlink:t58v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A7C6A9-D47D-402B-8C85-C403A593CF92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root."
},
{
"lang": "es",
"value": "Los tel\u00e9fonos Yealink hasta el 04-08-2019, presentan un problema con la carga de archivos de OpenVPN. Estos ejecutan un tar como root para extraer archivos, pero no comprueban el directorio de extracci\u00f3n. Crear un archivo tar con ../../../../ permite reemplazar casi cualquier archivo en un tel\u00e9fono. Esto conlleva al reemplazo de la contrase\u00f1a y a la ejecuci\u00f3n de c\u00f3digo arbitrario como root."
}
],
"id": "CVE-2019-14657",
"lastModified": "2024-11-21T04:27:05.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-08T13:15:15.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-14656
Vulnerability from cvelistv5
Published
2019-10-08 12:01
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cerebusforensics.com/yealink/exploit.html | x_refsource_MISC | |
| https://sway.office.com/3pCb559LYVuT0eig | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T12:01:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cerebusforensics.com/yealink/exploit.html",
"refsource": "MISC",
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"name": "https://sway.office.com/3pCb559LYVuT0eig",
"refsource": "MISC",
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14656",
"datePublished": "2019-10-08T12:01:20",
"dateReserved": "2019-08-04T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14657
Vulnerability from cvelistv5
Published
2019-10-08 12:02
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cerebusforensics.com/yealink/exploit.html | x_refsource_MISC | |
| https://sway.office.com/3pCb559LYVuT0eig | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T12:02:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cerebusforensics.com/yealink/exploit.html",
"refsource": "MISC",
"url": "http://cerebusforensics.com/yealink/exploit.html"
},
{
"name": "https://sway.office.com/3pCb559LYVuT0eig",
"refsource": "MISC",
"url": "https://sway.office.com/3pCb559LYVuT0eig"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14657",
"datePublished": "2019-10-08T12:02:34",
"dateReserved": "2019-08-04T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}