Trust Center - Security Advisories - Vulnerability Disclosure Policy Reporting

Yealink IP Phone

ID Discovery Date Resolution / Publication Date Summary Update

YVD-2020-24113 08/21/2023 09/03/2023

Yealink IP Phone Directory Traversal Vulnerability

11/23/2023

YVD-2022-0196997 09/01/2022 03/26/2023

Yealink Config Encrypt Tool Hardcoded Encryption Password Vulnerability

03/26/2023

YVD-2019-14656 08/03/2019 10/07/2019

Yealink Phone Privilege escalation Vulnerabilities

10/07/2024

YVD-2019-14657 08/03/2019 10/07/2019

Yealink Phone Local file replacement Vulnerabilities

11/23/2023

YVD-2018-16217 05/28/2019 05/29/2019

Yealink IP Phone WEB Server Vulnerabilities

11/23/2023

Yealink Management Platform

ID Discovery Date Resolution / Publication Date Summary Update

YVD-2024-1298699 11/04/2022 07/31/2023

Yealink device management platform Unauthorized RCE vulnerability

03/06/2024

YVD-2023-1257833 05/03/2023 11/23/2023

Yealink Meeting Server 2X System Command Execution Vulnerability

08/02/2024

YVD-2021-27561 12/12/2020 01/10/2021

Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability

11/23/2023

YVD-1306809 06/06/2024 06/06/2024

YVD-1306809 Yealink Meeting Server Encryption key leakage Vulnerability

06/11/2024

YVD-1306818 06/06/2024 06/06/2024

Yealink Meeting Server unauthorized Vulnerability

06/11/2024

Yealink Hardware Devices

ID Discovery Date Resolution / Publication Date Summary Update

YVD-2024-1229901 05/16/2023 04/01/2024

WebView Leads to Sensitive File Disclosure via Directory Traversal Vulnerability

04/01/2024

YVD-2024-1315498 04/30/2024 05/05/2024

Factory Reset Vulnerability

05/09/2024

SECURITY ADVISORIES

The latest vulnerabilities, threats, and recommended measures that are reported in Yealink products

Yealink IP Phone

Yealink IP Phone Directory Traversal Vulnerability

Yealink Config Encrypt Tool Hardcoded Encryption Password Vulnerability

Yealink Phone Privilege escalation Vulnerabilities

Yealink Phone Local file replacement Vulnerabilities

Yealink IP Phone WEB Server Vulnerabilities

Yealink Management Platform

Yealink device management platform Unauthorized RCE vulnerability

Yealink Meeting Server 2X System Command Execution Vulnerability

Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability

YVD-1306809 Yealink Meeting Server Encryption key leakage Vulnerability

Yealink Meeting Server unauthorized Vulnerability

Yealink Hardware Devices

WebView Leads to Sensitive File Disclosure via Directory Traversal Vulnerability

Factory Reset Vulnerability