20 matches found
CVE-2026-12222
A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...
CVE-2026-12219
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
EUVD-2026-36694
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...
CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2026-12218 Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...
PT-2026-49179
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...
PT-2026-49180
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...
CVE-2021-27561
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
CVE-2025-14228
A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...
YeaLink VP59 Security Vulnerability
YeaLink VP59 is a flagship smart video phone from China's YeaLink. A security vulnerability exists in YeaLink VP59 version v.91.15.0.118 that allows an attacker to gain access to sensitive information via the terms of use feature in the company portal...
The vulnerability of the Yealink Device Management platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the Yealink Device Management platform lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user remotely...
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution...
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects...
CVE-2021-27561
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
CVE-2021-27561
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...
VulnCheck KEV: CVE-2021-27561
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution...
Yealink Device Management Platform Unauthorized RCE Vulnerability
Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in the Yealink Device Management Platform can be exploited to execute arbitrary commands...
Yealink Device Management Platform Unauthorized RCE Vulnerability (CNVD-2021-14827)
Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in Yealink Device Management Platform can be exploited to execute arbitrary commands...
PT-2021-5058
Name of the Vulnerable Software and Affected Versions: Yealink Device Management version 3.6.0.20. Description: The issue is related to a lack of input data sanitization in the Yealink Device Management platform, allowing a remote attacker to execute arbitrary commands as the root user. Specifically...