CVE Number: CVE-2020-24113
Published Date: August 22, 2022
Updated Date: September 4, 2023
Attention:
Yealink places great importance on the security of our customers and products. This is a dynamic document and may be subject to updates.
Vulnerability Summary
The Yealink W60B version 77.83.0.85 contains a directory traversal vulnerability in the contact file upload interface. Attackers can exploit this vulnerability to gain access to sensitive information and cause denial of service (DoS).
Affected Products
The issue has been fixed in the following iteration versions.
Product Family and Model | Affected Software Release | Fixed Software Release |
SIP-CP935W | <=78.86.0.25 | 78.86.0.63 |
T3X Series Phones | <=124.86.0.40 | 124.86.0.60 |
The following iteration versions do not have related issues.
Product Family and Model | Fixed Software Release |
T5X Series Phones | 96.86.0.70 |
T4XU Series Phones | 108.86.0.70 |
SIP-VP59 | 91.86.0.20 |
SIP-T58W | 150.86.0.50 |
SIP-CP965 | 143.86.0.10 |
W70B | 77.85.0.60 |
W80B | 103.83.0.80 |
W90B | 130.85.0.25 |
The following discontinued versions have been fixed.
Product Family and Model | Affected Software Release | Fixed Software Release |
W60B | <= 77.83.0.85 | 77.85.0.25 |
SIP-CP920 | <= 78.86.0.15 | 69.86.0.64 |
T4XS Series Phones | <= 66.86.0.15 | 66.86.0.59 |
SIP-T58 | No related issues | 58.86.0.5 |
SIP-CP960 | No related issues | 73.86.0.5 |
The following discontinued versions are affected. Please contact Yealink Support technical personnel for resolution.
Product Family and Model | Affected Software Release | Fixed Software Release |
SIP-T27P | 45.83.0.120 | End of maintenance 2018/2/1 |
SIP-T29G | 46.83.0.120 | End of maintenance 2021/3/31 |
SIP-T41P | 36.83.0.120 | End of maintenance 2020/4/1 |
SIP-T42G | 29.83.0.120 | End of maintenance 2020/4/1 |
SIP-T46G | 28.83.0.120 | End of maintenance 2020/4/1 |
SIP-T48G | 35.83.0.120 | End of maintenance 2020/4/1 |
SIP-T19P_E2 | 53.84.0.130 | End of maintenance 2021/9/30 |
SIP-T21P_E2 | 52.84.0.130 | End of maintenance 2021/9/30 |
SIP-T23G | 44.84.0.130 | End of maintenance 2021/9/30 |
SIP-T40P | 54.84.0.130 | End of maintenance 2021/9/30 |
SIP-T40G | 76.84.0.130 | End of maintenance 2021/9/30 |
SIP-T52S/T54S | 70.84.0.80 | End of maintenance 2019/3/31 |
Vulnerability Solution
Upgrade to the fixed version listed for your product in the affected version list. OEM users who are unsure whether the issue is resolved can inquire by ticket or by email to Yealink Support technical personnel.
Resolution Measures
Yealink recommends all customers upgrade to the latest version.
Feedback
Customers using affected systems who are concerned about this vulnerability in their deployment should reach out to Yealink technical support for the latest information by visiting Yealink Support.
You can also find additional advanced security guidance and helpful content by searching the Security News section of the Technical Support Center at Yealink Support.