Online Webinar: Discover the Latest AI-Powered AV Solutions for Next-gen Digtial Workpace > Yealink Meetingbar Series - All Rooms Plug-and-Play > Yealink 4th-Gen MVC Series – Discover the Next-Gen Hybrid Meeting Room Solutions > Trade-In Campaign – Upgrade to Yealink with Android 13 or Windows 11 + MDEP

WebView Leads to Sensitive File Disclosure via Directory Traversal Vulnerability

CVE Dictionary Entry: CVE-2024-28442

DATE PUBLISHED: 2024-04-03

DATE UPDATED: 2024-04-03

Please Note:

Yealink takes the security of our customers and our products seriously. This is a living document and may be subject to updates.

Vulnerability Summary

During a private assessment of Yealink IP Phone MP58/VP59, a security vulnerability was discovered. This vulnerability allows for the retrieval of sensitive files containing usernames and encrypted passwords.

Vulnerability CVSS

CVSS Severity: HIGH

CVSS Score: 7.5

CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Affected

Product Family and Model	Affected Software Release	Fixed
MP5X-Teams	<=122.15.0.115	122.15.0.135
MP52-Teams	<= 145.15.0.65	145.15.0.80
VP59-Teams	<=91.15.0.118	91.15.0.133
CP965-Teams	<=143.15.0.27	143.15.0.48
DeskVision A24	No related issues	156.15.0.24
MeetingBar 65/86	<= 155.15.0.43	155.15.0.46
MeetingBarA10	<=278.321.0.11	278.321.0.32
MeetingBarA20/A30	<=133.320.0.12	133.320.0.35
MeetingEye500	No related issues	280.320.0.15
RoomPanel	<= 147.15.0.40	147.520.0.7
RoomPanelPlus	<= 269.520.0.9	269.520.0.12
Roomcast	<= 144.312.0.5	144.313.0.1

Solution

Yealink has released software updates to fixed the vulnerability in CVE-2024-28442 , please update it in time.

The software, release notes, and other documentation for your voice endpoint can be found at: https://support.yealink.com/en/portal/home

Mitigation

Yealink recommends all customers upgrade to the latest version.

Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Yealink Technical Support by visiting: https://support.yealink.com/en/portal/home for the latest information.

You might also find value in the high-level security guidance and security news located at: https://support.yealink.com/en/portal/home

Your Privacy

Strictly Necessary Cookies

Preferences Cookies

Statistics Cookies

Targeted Cookies

PRIVACY PREFERENCE CENTER

When you visit any website, the website stores or retrieves information from your browser, mostly in the form of Cookies. This information may relate to your personal information, preferences or device information and is used primarily to enable the website to provide the services you expect. This information does not usually directly identify you personally, but can provide you with a more personalized web experience. We fully respect your privacy, so you can choose not to allow certain types of Cookies, simply by clicking on the name of a different Cookie category to learn more and change the default settings. However, blocking certain types of Cookies may affect your experience with the site and the services we can provide to you.

Strictly Necessary Cookies

Always On

These Cookies are essential for users to navigate the site and use its features, which are necessary for the proper functioning of the site, and cannot be turned off on our system. They are set only for actions you do that are equivalent to service requests, such as setting up your login or populating a form.You can set your browser to block or alert you to such Cookies, but some features of the site will not work. These Cookies do not store any personally identifiable information.

Preferences Cookies

These cookies are mainly used to record users' preferences while browsing the website and using its features. These cookies allow the website to remember your interactions with the website, choices you have made in the past and information you have entered, such as your preferred language or what your username and password are, so you can be logged in automatically. If you do not allow the use of such Cookies, you will not be able to enjoy a more convenient experience with the site.

Statistics Cookies

These Cookies allow us to count the number of visits to our website and the sources of traffic in order to evaluate and improve the performance of our website. These Cookies also help us to understand the popularity of our pages and the activity of our visitors on the site. All information collected by such Cookies is aggregated to ensure that it remains anonymous. If you do not allow the use of such Cookies, we will have no way of knowing when you visit our site and will not be able to monitor site performance.

Targeted Cookies

These Cookies may be set by our advertising partners through our website and may also be used by those companies to create profiles of your interests and to display relevant advertisements to you on other websites. These Cookies do not store personal information directly, but use some information that uniquely identifies your browser and Internet device. If you do not allow the use of such Cookies, the advertisements you see will be less targeted.

PRIVACY PREFERENCE CENTER

Your Privacy

Your Privacy

When you visit any website, the website stores or retrieves information from your browser, mostly in the form of Cookies. This information may relate to your personal information, preferences or device information and is used primarily to enable the website to provide the services you expect. This information does not usually directly identify you personally, but can provide you with a more personalized web experience. We fully respect your privacy, so you can choose not to allow certain types of Cookies, simply by clicking on the name of a different Cookie category to learn more and change the default settings. However, blocking certain types of Cookies may affect your experience with the site and the services we can provide to you.

Strictly Necessary Cookies

Strictly Necessary Cookies

Always On

These Cookies are essential for users to navigate the site and use its features, which are necessary for the proper functioning of the site, and cannot be turned off on our system. They are set only for actions you do that are equivalent to service requests, such as setting up your login or populating a form.You can set your browser to block or alert you to such Cookies, but some features of the site will not work. These Cookies do not store any personally identifiable information.

Preferences Cookies

Preferences Cookies

These Cookies are primarily used to record the preferences of users as they navigate the site and use its features. These Cookies allow the website to remember the choices you have made in the past, such as which language you prefer or what your username and password are, so that you can automatically log in. If you do not allow the use of such Cookies, you will not be able to enjoy a more convenient experience with the site.

Statistics Cookies

Statistics Cookies

These Cookies allow us to count the number of visits to our website and the sources of traffic in order to evaluate and improve the performance of our website. These Cookies also help us to understand the popularity of our pages and the activity of our visitors on the site. All information collected by such Cookies is aggregated to ensure that it remains anonymous. If you do not allow the use of such Cookies, we will have no way of knowing when you visit our site and will not be able to monitor site performance.

Targeted Cookies

Targeted Cookies

These Cookies may be set by our advertising partners through our website and may also be used by those companies to create profiles of your interests and to display relevant advertisements to you on other websites. These Cookies do not store personal information directly, but use some information that uniquely identifies your browser and Internet device. If you do not allow the use of such Cookies, the advertisements you see will be less targeted.