CVE-2024-30939

EUVD-2024-28857
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
yealinkvp59_firmware
91.15.0.118
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad
https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad