+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Phone specific topic (/forumdisplay.php?fid=12)
+---- Forum: T2xP Series (/forumdisplay.php?fid=21)
+---- Thread: CVE-2014-6271 ShellShock Bash Exploit (/showthread.php?tid=2497)
CVE-2014-6271 ShellShock Bash Exploit - Vanburen - 09-30-2014 05:53 PM
Are the Yealink T2xP series vulnerable to the shellshock exploit?
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://en.wikipedia.org/wiki/Shellshock_(software_bug)
RE: CVE-2014-6271 ShellShock Bash Exploit - jolouis - 10-02-2014 12:33 AM
Pretty sure Yealink is using Busybox like virtually all other embedded devices, and since it's not a bash shell (it's "sh") it's not vulnerable. Google busybox shellshock for details.
RE: CVE-2014-6271 ShellShock Bash Exploit - James_Yealink - 10-09-2014 02:13 PM
Hi All,
Since Bash model are not applied to Yealink phones all Yealink phone models are not vulnerable to the shellshock issue.
We will release an announcement later.
Regards,
James