Unrated severityNVD Advisory· Published Sep 17, 2014· Updated May 6, 2026

CVE-2012-1417

Description

Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

Affected products

Yealink/Gigabit Color Ip Phone Sip T32g
cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t32g:-:*:*:*:*:*:*:*
Yealink/Gigabit Color Ip Phone Sip T38g
cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t38g:-:*:*:*:*:*:*:*
Yealink/Ip Phone Sip T19p
cpe:2.3:h:yealink:ip_phone_sip-t19p:-:*:*:*:*:*:*:*
Yealink/W52p
cpe:2.3:h:yealink:w52p:-:*:*:*:*:*:*:*
Yealink/Ip Phone Sip T20p
cpe:2.3:h:yealink:ip_phone_sip-t20p:-:*:*:*:*:*:*:*
Yealink/Ip Phone Sip T21p
cpe:2.3:h:yealink:ip_phone_sip-t21p:-:*:*:*:*:*:*:*
Yealink/Ip Phone Sip T22p
cpe:2.3:h:yealink:ip_phone_sip-t22p:-:*:*:*:*:*:*:*
Yealink/Ip Phone Sip T26p
cpe:2.3:h:yealink:ip_phone_sip-t26p:-:*:*:*:*:*:*:*
Yealink/Ip Phone Sip T28p
cpe:2.3:h:yealink:ip_phone_sip-t28p:-:*:*:*:*:*:*:*
Yealink/Ip Video Phone Vp530
cpe:2.3:h:yealink:ip_video_phone_vp530:-:*:*:*:*:*:*:*
Yealink/Ultra Elegant Ip Phone Sip T41p
cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-:*:*:*:*:*:*:*
Yealink/Ultra Elegant Ip Phone Sip T42g
cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t42g:-:*:*:*:*:*:*:*
Yealink/Ultra Elegant Ip Phone Sip T46g
cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t46g:-:*:*:*:*:*:*:*
Yealink/Ultra Elegant Ip Phone Sip T48g
cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t48g:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000