CVE-2018-16218
HIGHYealink Ultra-elegant IP Phone SIP-T41P Firmware 66.83.0.35 - Cross-Site Request Forgery
Title source: llmDescription
A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.sit.fraunhofer.de/de/securitytestlab/
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271
Scores
CVSS v3
8.8
EPSS
0.0126
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
yealink/ultra-elegant_ip_phone_sip-t41p_firmware
66.83.0.35
Published
May 29, 2019
Tracked Since
Feb 18, 2026