Vulnerability Description
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yeahlink | Vp59 Firmware | <= 2019-08-04 |
| Yeahlink | Vp59 | - |
| Yeahlink | T49G Firmware | <= 2019-08-04 |
| Yeahlink | T49G | - |
| Yeahlink | T58V Firmware | <= 2019-08-04 |
| Yeahlink | T58V | - |
Related Weaknesses (CWE)
References
- http://cerebusforensics.com/yealink/exploit.htmlExploitThird Party Advisory
- https://sway.office.com/3pCb559LYVuT0eigExploitThird Party Advisory
- http://cerebusforensics.com/yealink/exploit.htmlExploitThird Party Advisory
- https://sway.office.com/3pCb559LYVuT0eigExploitThird Party Advisory
FAQ
What is CVE-2019-14657?
CVE-2019-14657 is a vulnerability with a CVSS score of 8.8 (HIGH). Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../...
How severe is CVE-2019-14657?
CVE-2019-14657 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14657?
Check the references section above for vendor advisories and patch information. Affected products include: Yeahlink Vp59 Firmware, Yeahlink Vp59, Yeahlink T49G Firmware, Yeahlink T49G, Yeahlink T58V Firmware.