CVE-2018-16217
HIGH
Yealink Ultra-elegant IP Phone SIP-T41P 66.83.0.35 - Authenticated OS Command Injection via Network Diagnostic Ping
Title source: llm
Description
The network diagnostic function (ping) in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://www.sit.fraunhofer.de/de/securitytestlab/
Third Party Advisory x_refsource_misc
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271
Scores
CVSS v3
8.8
EPSS
0.0326
EPSS Percentile
86.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
yealink/ultra-elegant_ip_phone_sip-t41p_firmware
66.83.0.35
Published
May 29, 2019
Tracked Since
Feb 18, 2026