Directory Traversal Vulnerability in Yealink VP59 IP Phone
CVE-2024-28442

Currently unrated

Key Information:

Vendor

Yealink

Status
VP59
Vendor
CVE Published:
26 March 2024

What is CVE-2024-28442?

A directory traversal vulnerability exists in the Yealink VP59 IP phone, version 91.15.0.118, which enables an attacker with physical access to the device to exploit the terms of use function within the company portal component. This flaw allows the unauthorized retrieval of sensitive information from the system, posing a significant risk to data security.

References

https://www.yealink.com/en/product-detail/ip-phone-vp59
https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.