Yealink (yealink)

24 CVEs • 31 products

Products (31)

Sip T38g (sip-t38g)
Vp59 Firmware (vp59_firmware)
Voip Phone (voip_phone)
W52p (w52p)
W60b Firmware (w60b_firmware)
W60b (w60b)
Sip T19p E2 (sip-t19p-e2)
Vp59 (vp59)
Sip T28p (sip-t28p)
Sip T21(p)e2 (sip-t21(p)e2)

CVEs (24)

Vendors (1): Yealink
Products (1): Sip T38g
Updated: May 6, 2026
Published: Aug 3, 2014
CVSS: N/A (v4), N/A (v3), 4.0 MEDIUM (v2)
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.

Vendors (1): Yealink
Products (1): Voip Phone Firmware
Updated: May 6, 2026
Published: Jul 16, 2014
CVSS: N/A (v4), N/A (v3), 5.0 MEDIUM (v2)
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.

Vendors (1): Yealink
Products (1): Sip T38g
Updated: May 6, 2026
Published: Jul 16, 2014
CVSS: N/A (v4), N/A (v3), 10.0 HIGH (v2)
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.

Vendors (1): Yealink
Products (2): Voip Phone, Voip Phone Firmware
Updated: May 6, 2026
Published: Jun 16, 2014
CVSS: N/A (v4), N/A (v3), 4.3 MEDIUM (v2)
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.