
Yealink Phone Privilege Escalation Vulnerabilities





CVE Dictionary Entry: CVE-2019-14656

DATE PUBLISHED: 2019-10-08



Please Note: 

Yealink takes the security of our customers and our products seriously. This is a living document and may be subject to updates. The latest version of this document can be found at the following URL: https://www.yealink.com/trust-center-resource




Vulnerability Summary

Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.




Solution

Yealink has released software updates to all affected phone models that contain fixes for these issues as well as other fixes and features. Please refer to the release notes for your particular endpoint for more information.



Phone Series

Product Family and Model    Fixed Software Release
SIP-T27P                    45.83.0.120
SIP-T29G                    46.83.0.120
SIP-T41P                    36.83.0.120
SIP-T42G                    29.83.0.120
SIP-T46G                    28.83.0.120
SIP-T48G                    35.83.0.120
SIP-T19P_E2                 53.84.0.130
SIP-T21P_E2                 52.84.0.130
SIP-T23G                    44.84.0.130
SIP-T40P                    54.84.0.130
SIP-T40G                    76.84.0.130
SIP-T52S/T54S               70.84.0.80
SIP-CP920                   78.86.0.15
T4XS Series Phones          66.86.0.15
T4XU Series Phones          108.86.0.60
T3X Series Phones           124.86.0.60
T5X Series Phones           96.86.0.60
SIP-T58                     58.86.0.5
SIP-CP960                   73.86.0.5
SIP-VP59                    91.86.0.5
SIP-T58W                    150.86.0.35
SIP-CP965                   143.86.0.5
VP59-Zoom                   91.30.0.30
MP5X-Zoom                   122.30.0.15
MP5X-Teams                  122.15.0.9
T5X-Teams                   58.15.0.53
CP960-Teams                 73.15.0.163
CP965-Teams                 143.15.0.12
W60B                        146.85.0.35
W70B                        77.85.0.60
W80B                        103.83.0.80
W90B                        130.85.0.25




VCS Series

Product Family and Model    Fixed Software Release
VC210 Series                118.320.0.15
MeetingEye400 Series        120.320.0.15
MeetingEye400Pro Series     133.320.0.15
MeetingEye800 Series        129.320.0.30
VP59-VCS                    91.353.0.10
MeetingBoard65              155.310.0.15


The software, release notes, and other documentation for your voice endpoint can be found at: https://support.yealink.com/en/portal/home




Mitigation

Yealink recommends all customers upgrade to the latest version.
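
To find devices still running releases below the fixed versions listed in this advisory, the following added example (not Yealink code) audits a constructed inventory. It assumes the first field of a version string identifies the firmware family and the remaining fields order releases; the host names and the inventory format are hypothetical.

```python
# Added example (not Yealink code): audit an inventory against this advisory.
# Assumption: the first version field names the firmware family (not ordered).

# Subset of the advisory's table; extend with the rows for your models.
FIXED = {
    "SIP-T27P": "45.83.0.120",
    "SIP-T46G": "28.83.0.120",
    "SIP-T23G": "44.84.0.130",
    "SIP-CP920": "78.86.0.15",
}

# Constructed sample inventory: "host,model,running firmware".
SAMPLE_INVENTORY = """\
phone-01,SIP-T46G,28.83.0.50
phone-02,SIP-T46G,28.84.0.15
phone-03,SIP-T27P,45.83.0.120
phone-04,SIP-T23G,28.83.0.130
phone-05,SIP-T99X,1.2.3.4
phone-06,SIP-CP920,78.86.0
"""

def parse(version):
    """Return the version as a tuple of four ints, or None if malformed."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, running):
    """Classify one device as FIXED, VULNERABLE or REVIEW (cannot decide)."""
    fixed = parse(FIXED.get(model, ""))
    have = parse(running)
    if fixed is None or have is None:
        return "REVIEW"      # model not in table, or unparsable version
    if have[0] != fixed[0]:
        return "REVIEW"      # different firmware family: not comparable
    return "FIXED" if have[1:] >= fixed[1:] else "VULNERABLE"

def audit(inventory_text):
    """Map each host in the inventory to its classification."""
    result = {}
    for line in filter(str.strip, inventory_text.splitlines()):
        host, model, running = (f.strip() for f in line.split(","))
        result[host] = classify(model, running)
    return result

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as REVIEW need a manual check against the release notes, since the script cannot compare them with a table row.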




Contact

Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Yealink Technical Support by visiting: https://support.yealink.com/en/portal/home for the latest information.

You might also find value in the high-level security guidance and security news located at: https://support.yealink.com/en/portal/home


