Vulnerabilities > Yealink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-29 | CVE-2018-16218 | Cross-Site Request Forgery (CSRF) vulnerability in Yealink Ultra-Elegant IP Phone Sip-T41P Firmware 66.83.0.35 A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. | 6.8 |
| 2014-08-03 | CVE-2013-5757 | Path Traversal vulnerability in Yealink Sip-T38G Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | 4.0 |
| 2014-08-03 | CVE-2013-5756 | Path Traversal vulnerability in Yealink Sip-T38G Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. | 4.0 |
| 2014-07-16 | CVE-2014-3427 | Unspecified vulnerability in Yealink Voip Phone Firmware 28.72.0.2 CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet. | 5.0 |
| 2014-06-16 | CVE-2014-3428 | Cross-Site Scripting vulnerability in Yealink Voip Phone and Voip Phone Firmware Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. | 4.3 |