Unrated severity · NVD Advisory · Published May 29, 2019 · Updated Aug 5, 2024
CVE-2018-16221
Description
The diagnostics web interface in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate or escape path information, which allows an authenticated remote attacker to access privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).
Affected products
- Yealink/Ultra-elegant IP Phone SIP-T41P (source: description)
References
- www.sit.fraunhofer.de/de/securitytestlab/ (mitre, x_refsource_MISC)
- www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf (mitre, x_refsource_MISC)