CVE-2024-28442

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
https://www.yealink.com/en/product-detail/ip-phone-vp59
https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
https://www.yealink.com/en/product-detail/ip-phone-vp59

Configurations

No configuration.

History

21 Nov 2024, 09:06

Type	Values Removed	Values Added
References	~~() https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227 -~~	() https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227 -
References	~~() https://www.yealink.com/en/product-detail/ip-phone-vp59 -~~	() https://www.yealink.com/en/product-detail/ip-phone-vp59 -

05 Aug 2024, 17:35

Type	Values Removed	Values Added
CWE		CWE-200
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

27 Mar 2024, 12:29

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de Directory Traversal en Yealink VP59 v.91.15.0.118 permite a un atacante físicamente cercano obtener información confidencial a través de la función de términos de uso en el componente del portal de la empresa.

26 Mar 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-26 20:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28442

Mitre link : CVE-2024-28442

CVE.ORG link : CVE-2024-28442

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

7.5 /10