CVE-2018-16218

Name of the Vulnerable Software and Affected Versions Yeahlink Ultra-elegant IP Phone SIP-T41P version 66.83.0.35

Description A Cross Site Request Forgery (CSRF) issue in the web interface allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

Recommendations For version 66.83.0.35, as a temporary workaround, consider restricting access to the web interface until a patch is available. Avoid using the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.