Yealink Vulnerabilities
13 results

CVE-2026-12223 | MEDIUM | Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection | EPSS 1.5%
CVE-2026-12219 | MEDIUM | Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection | EPSS 1.5%
CVE-2026-1735 | LOW | Yealink MeetingBar A30 Diagnostic command injection | EPSS 1.1%
CVE-2026-12222 | HIGH | Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow | EPSS 0.4%
CVE-2026-12220 | HIGH | Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload stack-based overflow | EPSS 0.4%
CVE-2026-12221 | HIGH | Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow | EPSS 0.4%
CVE-2026-12218 | HIGH | Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow | EPSS 0.4%
CVE-2025-68644 | HIGH | Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhan | EPSS 0.3%
CVE-2025-52917 | MEDIUM | The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests. | EPSS 0.3%
CVE-2025-52916 | LOW | Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits). | EPSS 0.3%
CVE-2025-52918 | MEDIUM | Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated int | EPSS 0.2%
CVE-2025-14228 | MEDIUM | Yealink SIP-T21P E2 Local Directory cross site scripting | EPSS 0.2%
CVE-2025-52919 | MEDIUM | In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing inval | EPSS 0.2%