Yealink

All CVEs (VYPR vendor CVE index)

35 total · sorted by risk
  • CVE-2026-12222 · High · Jun 15, 2026
    risk 0.52 · CVSS 8.0 · EPSS 0.00

    A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer…

  • CVE-2026-12221 · High · Jun 15, 2026
    risk 0.52 · CVSS 8.0 · EPSS 0.00

    A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The…

  • CVE-2026-12220 · High · Jun 15, 2026
    risk 0.52 · CVSS 8.0 · EPSS 0.00

    A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer…

  • CVE-2026-12218 · High · Jun 15, 2026
    risk 0.52 · CVSS 8.0 · EPSS 0.00

    A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow.…

  • CVE-2025-68644 · High · Dec 21, 2025
    risk 0.48 · CVSS 7.4 · EPSS 0.00

    Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances.

  • CVE-2026-12219 · Medium · Jun 15, 2026
    risk 0.41 · CVSS 6.3 · EPSS 0.01

    A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be…

  • CVE-2026-12223 · Medium · Jun 15, 2026
    risk 0.36 · CVSS 5.5 · EPSS 0.01

    A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command…

  • CVE-2025-52918 · Medium · Jun 21, 2025
    risk 0.33 · CVSS 5.0 · EPSS 0.00

    Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.

  • CVE-2026-1735 · Medium · Feb 2, 2026
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been…

  • CVE-2025-52919 · Medium · Jun 21, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.

  • CVE-2025-52917 · Medium · Jun 21, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.

  • CVE-2025-14228 · Low · Dec 8, 2025
    risk 0.23 · CVSS 3.5 · EPSS 0.00

    A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the…

  • CVE-2025-52916 · Low · Jun 21, 2025
    risk 0.14 · CVSS 2.2 · EPSS 0.00

    Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).

  • CVE-2013-5758 · Aug 3, 2014
    risk 0.04 · CVSS n/a · EPSS 0.12

    cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.

  • CVE-2012-1417 · Sep 17, 2014
    risk 0.03 · CVSS n/a · EPSS 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

  • CVE-2013-5757 · Aug 3, 2014
    risk 0.03 · CVSS n/a · EPSS 0.03

    Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.

  • CVE-2013-5756 · Aug 3, 2014
    risk 0.03 · CVSS n/a · EPSS 0.03

    Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.

  • CVE-2014-3427 · Jul 16, 2014
    risk 0.03 · CVSS n/a · EPSS 0.05

    CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.

  • CVE-2013-5755 · Jul 16, 2014
    risk 0.03 · CVSS n/a · EPSS 0.04

    config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access…

  • CVE-2023-43959 · Oct 17, 2023
    risk 0.01 · CVSS n/a · EPSS 0.02

    An issue in Yealink SIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

  • CVE-2018-16217 · May 29, 2019
    risk 0.01 · CVSS n/a · EPSS 0.03

    The network diagnostic function (ping) in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.

  • CVE-2025-66738 · Dec 26, 2025
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal-privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.

  • CVE-2025-66737 · Dec 26, 2025
    risk 0.00 · CVSS n/a · EPSS 0.01

    Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to directory traversal. A remote normal-privileged attacker can read arbitrary files via a crafted request to the result read function of the diagnostic component.

  • CVE-2024-31747 · Apr 29, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option.

  • CVE-2024-30939 · Apr 25, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure.

  • CVE-2024-28442 · Mar 26, 2024
    risk 0.00 · CVSS n/a · EPSS 0.01

    Directory traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via the terms-of-use function in the company portal component.

  • CVE-2024-24681 · Feb 23, 2024
    risk 0.00 · CVSS n/a · EPSS 0.01

    An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.

  • CVE-2022-48625 · Feb 19, 2024
    risk 0.00 · CVSS n/a · EPSS 0.00

    Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.

  • CVE-2023-3350 · Oct 3, 2023
    risk 0.00 · CVSS n/a · EPSS 0.00

    A cryptographic issue vulnerability has been found in IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128…

  • CVE-2020-24113 · Aug 22, 2023
    risk 0.00 · CVSS n/a · EPSS 0.01

    Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).

  • CVE-2019-14657 · Oct 8, 2019
    risk 0.00 · CVSS n/a · EPSS 0.04

    Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password…

  • CVE-2019-14656 · Oct 8, 2019
    risk 0.00 · CVSS n/a · EPSS 0.02

    Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.

  • CVE-2018-16221 · May 29, 2019
    risk 0.00 · CVSS n/a · EPSS 0.01

    The diagnostics web interface in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via…

  • CVE-2018-16218 · May 29, 2019
    risk 0.00 · CVSS n/a · EPSS 0.01

    A CSRF (Cross Site Request Forgery) in the web interface of the Yealink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

  • CVE-2014-3428 · Jun 16, 2014
    risk 0.00 · CVSS n/a · EPSS 0.02

    Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.