CVE-2024-30939

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30939
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad Exploit Third Party Advisory
https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:yealink:vp59_firmware:91.15.0.118:*:*:*:*:*:*:*
History

30 Jul 2025, 00:25

Type Values Removed Values Added
References () https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad - () https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad - Exploit, Third Party Advisory
CPE cpe:2.3:o:yealink:vp59_firmware:91.15.0.118:*:*:*:*:*:*:*
First Time Yealink vp59 Firmware
Yealink

21 Nov 2024, 09:12

Type Values Removed Values Added
References () https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad - () https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad -

06 Sep 2024, 23:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
Summary
  • (es) Un problema descubierto en Yealink VP59 Teams Editions con la versión de firmware 91.15.0.118 permite que un atacante físicamente cercano obtenga el control de una cuenta a través de una falla en el procedimiento de restablecimiento de fábrica.
CWE CWE-287

25 Apr 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-25 19:15

Updated : 2025-07-30 00:25

NVD link : CVE-2024-30939

Mitre link : CVE-2024-30939

CVE.ORG link : CVE-2024-30939

JSON object : View

Products Affected

yealink

  • vp59_firmware
CWE
CWE-287

Improper Authentication