11 matches found
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
The vulnerability of the Yealink Device Management platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the Yealink Device Management platform lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user remotely...
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure NS world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment NSPE handler mode. This vulnerability affects...
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...
VulnCheck KEV: CVE-2021-27561
Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...
Yealink Device Management Platform Unauthorized RCE Vulnerability
Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in the Yealink Device Management Platform can be exploited to execute arbitrary commands...
Yealink Device Management Platform Unauthorized RCE Vulnerability (CNVD-2021-14827)
Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in Yealink Device Management Platform can be exploited to execute arbitrary commands...
PT-2021-5058
Name of the Vulnerable Software and Affected Versions Yealink Device Management version 3.6.0.20 Description The issue is related to a lack of input data sanitization in the Yealink Device Management platform, allowing a remote attacker to execute arbitrary commands as the root user. Specifically...