New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
security issue action uri:
Author Message
Chris Barron Offline
Member
***

Posts: 50
Joined: Sep 2015
Reputation: 0
Post: #1
security issue action uri:
Chaps:
this is partly a security alert and partly a request for a default configuration change.
The default setting for T4 series seems to be
features.action_uri.enable = 1
it should be = 0
This leaves the phone open to the following exploitation.

The phone is registered on port 5060 behind the nat (i.e first phone to be registered)
Because the action uri is open, the attack sets callforward on the phone to an international number
11-26-2018 02:45 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
security issue action uri: - Chris Barron - 11-26-2018 02:45 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Add Reset Action URL oliv 0 2,115 11-08-2018 12:08 PM
Last Post: oliv
  Action URL Request Billx 1 3,475 08-06-2013 02:36 PM
Last Post: Yealink Support

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication