Lucene search
+L

11 matches found

redhatcve
redhatcve
added 2026/01/09 11:29 a.m.7 views

CVE-2021-27561

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...

10CVSS7.4AI score0.82516EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2021/12/07 12:0 a.m.6 views

The vulnerability of the Yealink Device Management platform allows a perpetrator to execute arbitrary commands.

The vulnerability of the Yealink Device Management platform lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user remotely...

10CVSS8.4AI score0.82516EPSS
Exploits0References3Affected Software1
cisa_kev
cisa_kev
added 2021/11/03 12:0 a.m.23 views

Arm Trusted Firmware Out-of-Bounds Write Vulnerability

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure NS world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment NSPE handler mode. This vulnerability affects...

5.5CVSS5.6AI score0.03093EPSS
In wildExploits0
cisa_kev
cisa_kev
added 2021/11/03 12:0 a.m.22 views

Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability

Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...

10CVSS9.7AI score0.82516EPSS
In wildExploits0
osv
osv
added 2021/10/15 6:15 p.m.5 views

CVE-2021-27561

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...

9.8CVSS7.3AI score0.82516EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2021/10/15 5:11 p.m.12 views

CVE-2021-27561

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...

9.9AI score0.82516EPSS
Exploits0References1
thn
thn
added 2021/03/16 10:32 a.m.7 views

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

10CVSS7.8AI score0.99968EPSS
Exploits12
vulncheck_kev
vulncheck_kev
added 2021/03/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-27561

Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...

10CVSS7.7AI score0.82516EPSS
Exploits0References1
cnvd
cnvd
added 2021/02/24 12:0 a.m.12 views

Yealink Device Management Platform Unauthorized RCE Vulnerability

Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in the Yealink Device Management Platform can be exploited to execute arbitrary commands...

5.5CVSS7.3AI score0.03093EPSS
Exploits0
cnvd
cnvd
added 2021/02/24 12:0 a.m.11 views

Yealink Device Management Platform Unauthorized RCE Vulnerability (CNVD-2021-14827)

Founded in 2001, Yealink is a high-tech company in China, headquartered in the national software industrialization base in Xiazhou. An unauthorized RCE vulnerability in Yealink Device Management Platform can be exploited to execute arbitrary commands...

10CVSS9.5AI score0.82516EPSS
Exploits0
ptsecurity
ptsecurity
added 2021/02/23 12:0 a.m.6 views

PT-2021-5058

Name of the Vulnerable Software and Affected Versions Yealink Device Management version 3.6.0.20 Description The issue is related to a lack of input data sanitization in the Yealink Device Management platform, allowing a remote attacker to execute arbitrary commands as the root user. Specifically...

10CVSS10AI score0.82516EPSS
Exploits0References11
Rows per page
Query Builder