CVE-2020-24113 – This vulnerability allows attackers to perform ... (How to Fix)

Q: What is the severity of CVE-2020-24113?

CVE-2020-24113 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows attackers to perform directory traversal attacks through the contacts file upload interface in Yealink W60B devices. Attackers can access sensitive files and cause denial of service. Only Yealink W60B devices running version 77.83.0.85 are affected.

📋 TL;DR

This vulnerability allows attackers to perform directory traversal attacks through the contacts file upload interface in Yealink W60B devices. Attackers can access sensitive files and cause denial of service. Only Yealink W60B devices running version 77.83.0.85 are affected.

💻 Affected Systems

Products:

Yealink W60B

Versions: 77.83.0.85

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific firmware version mentioned; other versions may not be vulnerable.

📦 What is this software?

W60b Firmware by Yealink

View all CVEs affecting W60b Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, extract credentials, and crash the device causing complete service disruption.

🟠

Likely Case

Attackers would access configuration files and cause temporary service interruptions.

🟢

If Mitigated

With proper network segmentation and access controls, impact would be limited to isolated network segments.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity and can be exploited without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions than 77.83.0.85

Vendor Advisory: https://www.yealink.com/en/support/security-advisory

Restart Required: Yes

Instructions:

1. Check current firmware version. 2. Download latest firmware from Yealink support portal. 3. Upload firmware to device via web interface. 4. Reboot device after installation.

🔧 Temporary Workarounds

Disable file upload interface

all

Disable the contacts file upload functionality if not required

Network segmentation

all

Isolate Yealink W60B devices from untrusted networks

🧯 If You Can't Patch

Implement strict network access controls to limit device exposure
Monitor device logs for directory traversal attempts and file access patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or SSH: show version

Check Version:

show version

Verify Fix Applied:

Verify firmware version is newer than 77.83.0.85 and test file upload functionality

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Multiple failed upload attempts
Directory traversal strings in logs

Network Indicators:

HTTP requests with ../ patterns in file upload parameters
Unusual traffic to device management interface

SIEM Query:

source="yealink_logs" AND ("../" OR "..\" OR "%2e%2e%2f")

📊 Metadata

CVE ID: CVE-2020-24113

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-22

Published: August 22, 2023

Last Updated: November 21, 2024

🔗 References

https://fuo.fi/CVE-2020-24113/ Third Party Advisory
https://fuo.fi/CVE-2020-24113/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-24113, you might also want to check these: