RPS
by Yealink
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68644 | Hig | 0.48 | 7.4 | 0.00 | Dec 21, 2025 | Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances. | ||
| CVE-2025-52918 | Med | 0.33 | 5.0 | 0.00 | Jun 21, 2025 | Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces. | ||
| CVE-2025-52919 | Med | 0.28 | 4.3 | 0.00 | Jun 21, 2025 | In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. | ||
| CVE-2025-52916 | Low | 0.14 | 2.2 | 0.00 | Jun 21, 2025 | Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits). |
- risk 0.48cvss 7.4epss 0.00
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances.
- risk 0.33cvss 5.0epss 0.00
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.
- risk 0.28cvss 4.3epss 0.00
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.
- risk 0.14cvss 2.2epss 0.00
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).