Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yealink Ultra-elegant IP Phone SIP-T41P 路径遍历漏洞
Vulnerability Description
Yealink Ultra-elegant IP Phone SIP-T41P是中国亿联(Yealink)公司的一款IP电话机。 Yealink Ultra-elegant IP Phone SIP-T41P中的diagnostics Web界面存在路径遍历漏洞,该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
CVSS Information
N/A
Vulnerability Type
N/A