Note: Throughout the video proof of concept (POC) creation phase, there was no disclosure or exposure of any employee, organizational, or user data, ensuring strict adherence to data privacy protocols and maintaining the confidentiality of sensitive information.
During a private assessment of a Yealink IP phone, a security vulnerability was discovered. This vulnerability allows an attacker to take over a user account via crafted keys.
Affected Device: Yealink VP59 Teams Edition
Affected Firmware Version: 91.15.0.118
Fixed Firmware Version: 122.15.0.142
This critical vulnerability underscores the importance of promptly updating affected devices to the fixed firmware version to mitigate potential risks associated with sensitive data exposure.
Steps to Reproduce:
- Activate the device to initiate its functions and operations seamlessly, ensuring a smooth start-up process.
- Access the device by logging in with your Microsoft Teams account credentials, providing authorized entry for personalized usage.
- Configure device security settings by implementing a 30-second phone lock, optimizing convenience for testing purposes.
- Await the automatic…
