Vulnerabilities > Yealink > Device Management > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-15 CVE-2021-27561 OS Command Injection vulnerability in Yealink Device Management 3.6.0.20
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
network
low complexity
yealink CWE-78
critical
9.8