CSRF Vulnerability in Yealink Ultra-elegant IP Phone SIP-T41P
CVE-2018-16218

8.8HIGH

Key Information:

Vendor: Yealink
Status: Ultra-elegant Ip Phone Sip-t41p Firmware
Vendor: CVE Published:; 29 May 2019

What is CVE-2018-16218?

A vulnerability exists in the web interface of the Yealink Ultra-elegant IP Phone SIP-T41P, specifically in firmware version 66.83.0.35. This security flaw allows remote attackers to exploit the device by crafting a malicious link that, when clicked by a victim, can facilitate unauthorized code execution or alteration of device settings. Such exploitation could lead to significant security risks for users, as sensitive configurations might be compromised without the user's consent.

References

https://www.sit.fraunhofer.de/de/securitytestlab/

x_refsource_MISC

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Adv...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2019
Vulnerability Reserved
Aug 30, 2018