CVE-2024-30939

An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad

Configurations

No configuration.

History

06 Sep 2024, 23:35

Type	Values Removed	Values Added
Summary		(es) Un problema descubierto en Yealink VP59 Teams Editions con la versión de firmware 91.15.0.118 permite que un atacante físicamente cercano obtenga el control de una cuenta a través de una falla en el procedimiento de restablecimiento de fábrica.
CWE		CWE-287
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8

25 Apr 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-25 19:15

Updated : 2024-09-06 23:35

NVD link : CVE-2024-30939

Mitre link : CVE-2024-30939

CVE.ORG link : CVE-2024-30939

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

6.8 /10