
292 matches found

Nuclei
added 5 days ago | 49 views

YeaLink DM 3.6.0.20 - Remote Command Injection

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...

CVSS 10 | AI score 7.5 | EPSS 0.94106
Exploits 0 | References 5

RedhatCVE
added 2026/02/03 3:11 a.m. | 6 views

CVE-2026-1735

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5 | EPSS 0.00652
Exploits 0 | References 1

NVD
added 2026/02/02 1:15 a.m. | 7 views

CVE-2026-1735

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | EPSS 0.00652
Exploits 0 | References 4

Cvelist
added 2026/02/02 12:2 a.m. | 29 views

CVE-2026-1735 Yealink MeetingBar A30 Diagnostic command injection

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | EPSS 0.00652
Exploits 0 | References 4

ATTACKERKB
added 2026/02/02 12:2 a.m. | 3 views

CVE-2026-1735

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5.6 | EPSS 0.00652
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/02/02 12:2 a.m. | 17 views

CVE-2026-1735

The vulnerability CVE-2026-1735 affects Yealink MeetingBar A30 running version 133.321.0.3, specifically a weakness in the Diagnostic Handler that allows command injection. The attack is feasible on the physical device, and a public exploit is available per the description. The vendor was not res...

CVSS 4.6 | AI score 5.6 | EPSS 0.00652
Exploits 0 | References 4

EUVD
added 2026/02/02 12:2 a.m. | 5 views

EUVD-2026-5110

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5 | EPSS 0.00652
Exploits 0 | References 4

Vulnrichment
added 2026/02/02 12:2 a.m. | 2 views

CVE-2026-1735 Yealink MeetingBar A30 Diagnostic command injection

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5 | EPSS 0.00652
Exploits 0 | References 4

CNNVD
added 2026/02/02 12:0 a.m. | 3 views

Yealink MeetingBar A30 command injection vulnerability

The Yealink MeetingBar A30 is a video conference terminal produced by the Chinese company Yealink. The Yealink MeetingBar A30 version 133.321.0.3 has a command injection vulnerability. This vulnerability stems from certain unknown processing steps in the Diagnostic Handler component, which may le...

CVSS 4.6 | AI score 5.8 | EPSS 0.00652
Exploits 0 | References 4

Positive Technologies
added 2026/02/02 12:0 a.m. | 6 views

PT-2026-5588

A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the...

CVSS 4.6 | AI score 5.6 | EPSS 0.00652
Exploits 0 | References 5

RedhatCVE
added 2026/01/09 12:40 p.m. | 5 views

CVE-2023-43959

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component...

CVSS 8.8 | AI score 7.8 | EPSS 0.07991
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 11:29 a.m. | 4 views

CVE-2021-27561

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...

CVSS 10 | AI score 7.4 | EPSS 0.94106
Exploits 0 | References 1

RedhatCVE
added 2025/12/27 12:5 a.m. | 6 views

CVE-2025-66737

Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request to the result read function of the diagnostic component...

CVSS 4.3 | AI score 6.8 | EPSS 0.00021
Exploits 1 | References 1

RedhatCVE
added 2025/12/27 12:5 a.m. | 3 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component...

CVSS 8.8 | AI score 7.8 | EPSS 0.00042
Exploits 1 | References 1

OSV
added 2025/12/26 5:15 p.m. | 1 views

CVE-2025-66737

Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request to the result read function of the diagnostic component...

CVSS 4.3 | AI score 6
Exploits 0 | References 2

NVD
added 2025/12/26 5:15 p.m. | 1 views

CVE-2025-66737

Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request to the result read function of the diagnostic component...

CVSS 4.3 | EPSS 0.00021
Exploits 1 | References 2

OSV
added 2025/12/26 4:15 p.m. | 1 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component...

CVSS 8.8 | AI score 6.2 | EPSS 0.00042
Exploits 1 | References 2

NVD
added 2025/12/26 4:15 p.m. | 1 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component...

CVSS 8.8 | EPSS 0.00042
Exploits 1 | References 2

CNNVD
added 2025/12/26 12:0 a.m. | 1 views

Yealink T21P_E2 security vulnerability

Yealink T21PE2 is an IP phone from the Chinese company Yealink. A security vulnerability exists in Yealink T21PE2 Phone version 52.84.0.15. It stems from a path traversal issue in the Diagnostics Component Read function, which could allow a remote attacker to read arbitrary files...

CVSS 4.3 | AI score 6.7 | EPSS 0.00021
Exploits 1 | References 3

Positive Technologies
added 2025/12/26 12:0 a.m. | 5 views

PT-2025-53600

Name of the Vulnerable Software and Affected Versions: Yealink T21P E2 Phone version 52.84.0.15

Description: The Yealink T21P E2 Phone version 52.84.0.15 contains a directory traversal flaw. A remote attacker with normal privileges can read arbitrary files through a crafted request to the diagnosti...

CVSS 4.3 | AI score 6.6 | EPSS 0.00021
Exploits 1 | References 8