Yealink
Products
29- 6 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
35| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-12222 | Hig | 0.52 | 8.0 | 0.00 | Jun 15, 2026 | A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer… | ||
| CVE-2026-12221 | Hig | 0.52 | 8.0 | 0.00 | Jun 15, 2026 | A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The… | ||
| CVE-2026-12220 | Hig | 0.52 | 8.0 | 0.00 | Jun 15, 2026 | A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer… | ||
| CVE-2026-12218 | Hig | 0.52 | 8.0 | 0.00 | Jun 15, 2026 | A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow.… | ||
| CVE-2025-68644 | Hig | 0.48 | 7.4 | 0.00 | Dec 21, 2025 | Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances. | ||
| CVE-2026-12219 | Med | 0.41 | 6.3 | 0.01 | Jun 15, 2026 | A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be… | ||
| CVE-2026-12223 | Med | 0.36 | 5.5 | 0.01 | Jun 15, 2026 | A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command… | ||
| CVE-2025-52918 | Med | 0.33 | 5.0 | 0.00 | Jun 21, 2025 | Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces. | ||
| CVE-2026-1735 | Med | 0.28 | 4.3 | 0.01 | Feb 2, 2026 | A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been… | ||
| CVE-2025-52919 | Med | 0.28 | 4.3 | 0.00 | Jun 21, 2025 | In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. | ||
| CVE-2025-52917 | Med | 0.28 | 4.3 | 0.00 | Jun 21, 2025 | The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests. | ||
| CVE-2025-14228 | Low | 0.23 | 3.5 | 0.00 | Dec 8, 2025 | A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the… | ||
| CVE-2025-52916 | Low | 0.14 | 2.2 | 0.00 | Jun 21, 2025 | Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits). | ||
| CVE-2013-5758 | 0.04 | — | 0.12 | Aug 3, 2014 | cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | |||
| CVE-2012-1417 | 0.03 | — | 0.02 | Sep 17, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. | |||
| CVE-2013-5757 | 0.03 | — | 0.03 | Aug 3, 2014 | Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | |||
| CVE-2013-5756 | 0.03 | — | 0.03 | Aug 3, 2014 | Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. | |||
| CVE-2014-3427 | 0.03 | — | 0.05 | Jul 16, 2014 | CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet. | |||
| CVE-2013-5755 | 0.03 | — | 0.04 | Jul 16, 2014 | config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access… | |||
| CVE-2023-43959 | 0.01 | — | 0.02 | Oct 17, 2023 | An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. |
- risk 0.52cvss 8.0epss 0.00
A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer…
- risk 0.52cvss 8.0epss 0.00
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The…
- risk 0.52cvss 8.0epss 0.00
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer…
- risk 0.52cvss 8.0epss 0.00
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow.…
- risk 0.48cvss 7.4epss 0.00
Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances.
- risk 0.41cvss 6.3epss 0.01
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be…
- risk 0.36cvss 5.5epss 0.01
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command…
- risk 0.33cvss 5.0epss 0.00
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.
- risk 0.28cvss 4.3epss 0.01
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been…
- risk 0.28cvss 4.3epss 0.00
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.
- risk 0.28cvss 4.3epss 0.00
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.
- risk 0.23cvss 3.5epss 0.00
A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the…
- risk 0.14cvss 2.2epss 0.00
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).
- CVE-2013-5758Aug 3, 2014risk 0.04cvss —epss 0.12
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
- CVE-2012-1417Sep 17, 2014risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
- CVE-2013-5757Aug 3, 2014risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
- CVE-2013-5756Aug 3, 2014risk 0.03cvss —epss 0.03
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
- CVE-2014-3427Jul 16, 2014risk 0.03cvss —epss 0.05
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
- CVE-2013-5755Jul 16, 2014risk 0.03cvss —epss 0.04
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access…
- CVE-2023-43959Oct 17, 2023risk 0.01cvss —epss 0.02
An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.