329 matches found
Yealink RPS Information Disclosure / Man-In-The-Middle
Yealink RPS contains several vulnerabilities that can lead to leaking of PII and/or man-in-the-middle attacks. Some vulnerabilities remain unpatched even after disclosure to the manufacturer...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52917
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...
CVE-2025-52918
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...
CVE-2025-52917
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...
CVE-2025-52918
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
PT-2025-26530 · Yealink · Yealink Ymcs Rps
Name of the Vulnerable Software and Affected Versions: Yealink YMCS RPS versions prior to 2025-05-26 Description: The certificate upload function in Yealink YMCS RPS does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. Recommendations: For...
Yealink YMCS RPS 信任管理问题漏洞
Yealink YMCS RPS is a device management cloud service platform with integrated RPS functionality from China Yealink Yealink. A trust management issue vulnerability exists in Yealink YMCS RPS versions prior to 2025-05-26, which stems from the certificate upload function not properly validating the...
PT-2025-26528 · Yealink · Yealink Ymcs Rps Api
Name of the Vulnerable Software and Affected Versions: Yealink YMCS RPS API versions prior to 2025-05-26 Description: The issue is related to the lack of rate limiting in the Yealink YMCS RPS API, which could potentially enable information disclosure via excessive requests. Recommendations: For...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52917
The CVE applies to Yealink YMCS RPS API prior to 2025-05-26, where a lack of rate limiting enables information disclosure through excessive requests. Affected component: Yealink RPS API; root cause: missing rate-limiting controls on API endpoints, leading to potential exposure of sensitive data u...
CVE-2025-52917
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...
CVE-2025-52919
The CVE-2025-52919 entry describes a vulnerability in Yealink RPS (YMCS RPS) where the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. Multiple connected sources confirm the affected software and the root cause,...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...
Yealink YMCS RPS API 安全漏洞
Yealink YMCS RPS API is a device interface from China Yealink Yealink. A security vulnerability exists in the Yealink YMCS RPS API version prior to 2025-05-26, which stems from a lack of rate limiting and could lead to information disclosure...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...