Yealink Forums

Full Version: security issue action uri:
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
this is partly a security alert and partly a request for a default configuration change.
The default setting for T4 series seems to be
features.action_uri.enable = 1
it should be = 0
This leaves the phone open to the following exploitation.

The phone is registered on port 5060 behind the nat (i.e first phone to be registered)
Because the action uri is open, the attack sets callforward on the phone to an international number
Reference URL's