Vulnerabilities > Yealink > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-33109 | Path Traversal vulnerability in multiple products. Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. (network; low complexity; ergophone, yealink; CWE-22) | critical 9.8 |
| 2024-02-08 | CVE-2024-24091 | OS Command Injection vulnerability in Yealink Meeting Server. Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. (network; low complexity; yealink; CWE-78) | critical 9.8 |
| 2023-08-22 | CVE-2020-24113 | Path Traversal vulnerability in Yealink W60B Firmware 77.83.0.85. Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85 allows attackers to gain sensitive information and cause a denial of service (DoS). (network; low complexity; yealink; CWE-22) | critical 9.1 |
| 2021-10-15 | CVE-2021-27561 | OS Command Injection vulnerability in Yealink Device Management 3.6.0.20. Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. (network; low complexity; yealink; CWE-78) | critical 9.8 |