Lucene search
K

329 matches found

Packet Storm News
Packet Storm News
added 2025/06/24 12:0 a.m.4 views

Yealink RPS Information Disclosure / Man-In-The-Middle

Yealink RPS contains several vulnerabilities that can lead to leaking of PII and/or man-in-the-middle attacks. Some vulnerabilities remain unpatched even after disclosure to the manufacturer...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.6 views

CVE-2025-52916

Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...

2.2CVSS6.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.6 views

CVE-2025-52919

In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...

4.3CVSS6.5AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.4 views

CVE-2025-52917

The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...

4.3CVSS6.1AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:41 a.m.3 views

CVE-2025-52918

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...

5CVSS6.4AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2025/06/21 11:15 p.m.13 views

CVE-2025-52917

The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...

4.3CVSS0.00261EPSS
Exploits0References4
NVD
NVD
added 2025/06/21 11:15 p.m.4 views

CVE-2025-52918

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...

5CVSS0.0024EPSS
Exploits0References4
NVD
NVD
added 2025/06/21 11:15 p.m.4 views

CVE-2025-52919

In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...

4.3CVSS0.00153EPSS
Exploits0References4
NVD
NVD
added 2025/06/21 11:15 p.m.8 views

CVE-2025-52916

Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...

2.2CVSS0.0025EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/21 12:0 a.m.4 views

CVE-2025-52919

In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...

4.3CVSS6.4AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/21 12:0 a.m.5 views

PT-2025-26530 · Yealink · Yealink Ymcs Rps

Name of the Vulnerable Software and Affected Versions: Yealink YMCS RPS versions prior to 2025-05-26 Description: The certificate upload function in Yealink YMCS RPS does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. Recommendations: For...

4.3CVSS6.3AI score0.00153EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/06/21 12:0 a.m.5 views

Yealink YMCS RPS 信任管理问题漏洞

Yealink YMCS RPS is a device management cloud service platform with integrated RPS functionality from China Yealink Yealink. A trust management issue vulnerability exists in Yealink YMCS RPS versions prior to 2025-05-26, which stems from the certificate upload function not properly validating the...

4.3CVSS6.6AI score0.00153EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/21 12:0 a.m.5 views

PT-2025-26528 · Yealink · Yealink Ymcs Rps Api

Name of the Vulnerable Software and Affected Versions: Yealink YMCS RPS API versions prior to 2025-05-26 Description: The issue is related to the lack of rate limiting in the Yealink YMCS RPS API, which could potentially enable information disclosure via excessive requests. Recommendations: For...

4.3CVSS6AI score0.00261EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/06/21 12:0 a.m.10 views

CVE-2025-52919

In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...

4.3CVSS0.00153EPSS
Exploits0References4
CVE
CVE
added 2025/06/21 12:0 a.m.20 views

CVE-2025-52917

The CVE applies to Yealink YMCS RPS API prior to 2025-05-26, where a lack of rate limiting enables information disclosure through excessive requests. Affected component: Yealink RPS API; root cause: missing rate-limiting controls on API endpoints, leading to potential exposure of sensitive data u...

4.3CVSS6.1AI score0.00261EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/21 12:0 a.m.5 views

CVE-2025-52917

The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...

4.3CVSS6.1AI score0.00261EPSS
Exploits0References4
CVE
CVE
added 2025/06/21 12:0 a.m.20 views

CVE-2025-52919

The CVE-2025-52919 entry describes a vulnerability in Yealink RPS (YMCS RPS) where the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. Multiple connected sources confirm the affected software and the root cause,...

4.3CVSS6.4AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/21 12:0 a.m.9 views

CVE-2025-52916

Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...

2.2CVSS0.0025EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/21 12:0 a.m.7 views

Yealink YMCS RPS API 安全漏洞

Yealink YMCS RPS API is a device interface from China Yealink Yealink. A security vulnerability exists in the Yealink YMCS RPS API version prior to 2025-05-26, which stems from a lack of rate limiting and could lead to information disclosure...

4.3CVSS6.2AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/21 12:0 a.m.5 views

CVE-2025-52916

Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration last five digits...

2.2CVSS6.5AI score0.0025EPSS
Exploits0References4
Rows per page
Query Builder