VYPR
Vendor: Yealink

Products: 29
CVEs: 35
Across products: 52
Status: Private

Recent CVEs

  • CVE-2026-12222 | High | Jun 15, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer…

  • CVE-2026-12221 | High | Jun 15, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The…

  • CVE-2026-12220 | High | Jun 15, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer…

  • CVE-2026-12218 | High | Jun 15, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow.…

  • CVE-2025-68644 | High | Dec 21, 2025
    risk 0.48 | cvss 7.4 | epss 0.00

    Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances.

  • CVE-2026-12219 | Medium | Jun 15, 2026
    risk 0.41 | cvss 6.3 | epss 0.01

    A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be…

  • CVE-2026-12223 | Medium | Jun 15, 2026
    risk 0.36 | cvss 5.5 | epss 0.01

    A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command…

  • CVE-2025-52918 | Medium | Jun 21, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.

  • CVE-2026-1735 | Medium | Feb 2, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been…

  • CVE-2025-52919 | Medium | Jun 21, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.

  • CVE-2025-52917 | Medium | Jun 21, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.

  • CVE-2025-14228 | Low | Dec 8, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the…

  • CVE-2025-52916 | Low | Jun 21, 2025
    risk 0.14 | cvss 2.2 | epss 0.00

    Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).

  • CVE-2013-5758 | Aug 3, 2014
    risk 0.04 | cvss | epss 0.12

    cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.

  • CVE-2012-1417 | Sep 17, 2014
    risk 0.03 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

  • CVE-2013-5757 | Aug 3, 2014
    risk 0.03 | cvss | epss 0.03

    Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.

  • CVE-2013-5756 | Aug 3, 2014
    risk 0.03 | cvss | epss 0.03

    Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.

  • CVE-2014-3427 | Jul 16, 2014
    risk 0.03 | cvss | epss 0.05

    CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.

  • CVE-2013-5755 | Jul 16, 2014
    risk 0.03 | cvss | epss 0.04

    config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access…

  • CVE-2023-43959 | Oct 17, 2023
    risk 0.01 | cvss | epss 0.02

    An issue in Yealink SIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

VYPR — Vulnerability Intelligence