CVE-2018-16221
Severity: HIGH
Yealink SIP-T41P 66.83.0.35 - Authenticated Path Traversal via Diagnostics Web Interface
Title source: llmDescription
The diagnostics web interface in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate or escape the path information supplied by the client (path traversal), which allows an authenticated remote attacker to read privileged files (e.g., /etc/passwd) by passing relative path information in the file parameter of the corresponding POST request.
References (2)
Third Party Advisory (x_refsource_misc)
https://www.sit.fraunhofer.de/de/securitytestlab/
Third Party Advisory (x_refsource_misc)
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Yealink_Ultra-elegantIPPhone_SIPT41P.pdf?_=1549375271
Scores
CVSS v3
8.0
EPSS
0.0150
EPSS Percentile
71.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
yealink/ultra-elegant_ip_phone_sip-t41p_firmware
66.83.0.35
Published
May 29, 2019
Tracked Since
Feb 18, 2026