RSS   Vulnerabilities for 'Device management'   RSS

2021-10-15
 
CVE-2021-27561

CWE-77
 

 
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.

 

 >>> Vendor: Yealink 19 Products
Voip phone firmware
Voip phone
Sip-t38g
Gigabit color ip phone sip-t32g
Gigabit color ip phone sip-t38g
Ip phone sip-t19p
Ip phone sip-t20p
Ip phone sip-t21p
Ip phone sip-t22p
Ip phone sip-t26p
Ip phone sip-t28p
Ip video phone vp530
Ultra-elegant ip phone sip-t41p
Ultra-elegant ip phone sip-t42g
Ultra-elegant ip phone sip-t46g
Ultra-elegant ip phone sip-t48g
W52P
Ultra-elegant ip phone sip-t41p firmware
Device management


Copyright 2024, cxsecurity.com

 

Back to Top