CVE Daily

CVE-2024-28442

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physica...

High CVSS 7.5

Overview

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.

CWE: CWE-200 Published: 2024-03-26T20:15:09.670
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: path (tag impact: MODERATE)

Recommended actions:

  • Canonicalize path; block `..` traversal; use allowlists.

Recommended tools

Tags