PT-2023-11662 · Yealink · Yealink W60B

Fuomag9

Published

2023-08-22

Updated

2023-08-28

CVE-2020-24113

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Yealink W60B version 77.83.0.85

Description The issue allows attackers to gain sensitive information and cause a denial of service (DoS) due to a Directory Traversal vulnerability in the Contacts File Upload Interface.

Recommendations For Yealink W60B version 77.83.0.85, consider restricting access to the Contacts File Upload Interface until a patch is available. As a temporary workaround, avoid using the vulnerable interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-24113

Affected Products

Yealink W60B

PT-2023-11662 · Yealink · Yealink W60B

CVE-2020-24113

Weakness Enumeration

Related Identifiers

Affected Products

References · 6