Vulnerabilities > Yealink > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-19 | CVE-2024-33109 | Path Traversal vulnerability in multiple products Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | 9.8 |
2024-02-08 | CVE-2024-24091 | OS Command Injection vulnerability in Yealink Meeting Server Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | 9.8 |
2023-08-22 | CVE-2020-24113 | Path Traversal vulnerability in Yealink W60B Firmware 77.83.0.85 Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | 9.1 |
2021-10-15 | CVE-2021-27561 | OS Command Injection vulnerability in Yealink Device Management 3.6.0.20 Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | 9.8 |