12 matches found
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
CVE-2025-14228
A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...
YeaLink VP59 Security Vulnerability
YeaLink VP59 is a flagship smart video phone from the Chinese company YeaLink. A security vulnerability in YeaLink VP59 version v.91.15.0.118 allows an attacker to gain access to sensitive information via the terms of use feature in the company portal...
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects...
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution...
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...
VulnCheck KEV: CVE-2021-27561
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution...
Yealink Device Management Platform Unauthorized RCE Vulnerability (CNVD-2021-14827)
Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in Yealink Device Management Platform can be exploited to execute arbitrary commands...
Yealink Device Management Platform Unauthorized RCE Vulnerability
Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in the Yealink Device Management Platform can be exploited to execute arbitrary commands...
PT-2021-5058
Name of the Vulnerable Software and Affected Versions: Yealink Device Management version 3.6.0.20. Description: The issue is related to a lack of input data sanitization in the Yealink Device Management platform, allowing a remote attacker to execute arbitrary commands as the root user. Specifically...