Yealink
Products by Yealink Sorted by Most Security Vulnerabilities since 2018
Known Exploited Yealink Vulnerabilities
The following Yealink vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Yealink Device Management Server Pre-Authorization SSRF | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. CVE-2021-27561. Exploit Probability: 82.5% | November 3, 2021 |
The vulnerability CVE-2021-27561: Yealink Device Management Server Pre-Authorization SSRF is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 7 vulnerabilities in Yealink products with an average score of 6.9 out of ten. Last year, in 2025, Yealink had 2 security vulnerabilities published. That is, 5 more vulnerabilities have already been reported in 2026 than in all of last year, and the average CVE base score of the 2026 vulnerabilities is greater by 1.42.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 6.87 |
| 2025 | 2 | 5.45 |
| 2024 | 8 | 8.65 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
It may take a day or so for new Yealink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Yealink Security Vulnerabilities
| CVE | Date | Title | Description |
|---|---|---|---|
| CVE-2026-12223 | Jun 15, 2026 | Yealink SIP-T46U 108.86.0.118: FastCGI cmd inject via TFTPUploadIperf | A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack needs to be initiated within the local network. The exploit is publicly available and might be used. Upgrading to version 108.87.0.23 addresses this issue. Upgrading the affected component is recommended. The vendor explains: "It has been fixed (...) for our technical support branch. However, please note that this specific support branch firmware is not publicly released yet." |
| CVE-2026-12222 | Jun 15, 2026 | Yealink SIP-T46U 108.86.0.118: BlueToothTest Buffer Overflow via Web FastCGI | A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure and is working on a patch to fix it. |
| CVE-2026-12221 | Jun 15, 2026 | Yealink SIP-T46U 108.86.0.118 Firmware Chunk Upload Handler Buffer Overflow | A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and is working on a patch to fix it. |
| CVE-2026-12220 | Jun 15, 2026 | Yealink SIP-T46U 108.86.0.118 Buffer Overflow in Firmware Chunk Upload | A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it. |
| CVE-2026-12219 | Jun 15, 2026 | Yealink SIP-T46U 108.86.0.118 Cmd Injection via Web FastCGI | A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 108.87.0.23 is sufficient to resolve this issue. It is advisable to upgrade the affected component. |
| CVE-2026-12218 | Jun 15, 2026 | Yealink SIP-T46U buffer overflow in Web FastCGI Service (108.87.50.1) | A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it. |
| CVE-2026-1735 | Feb 02, 2026 | Command Injection in Yealink MeetingBar A30 Diagnostic Handler v133.321.0.3 | A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-68644 | Dec 21, 2025 | Unauthorized Access via RPS in Yealink Devices (CVE-2025-68644) | Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances. |
| CVE-2025-14228 | Dec 08, 2025 | Yealink SIP-T21P E2 52.84.0.15 Local Directory Page XSS Remote Exploit | A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross-site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2024-48353 | Nov 01, 2024 | Yealink Meeting Server V26 Static Key Exposure Vulnerability | Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. |
| CVE-2024-48352 | Nov 01, 2024 | Yealink Meeting Server V26 Sensitive Data Exposure Vulnerability | Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending an HTTP request with an enterprise ID. |
| CVE-2024-31747 | Apr 29, 2024 | Yealink VP59 Firmware 122.15.0.142: Disable Phone Lock via Walkie | An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option. |
| CVE-2024-30939 | Apr 25, 2024 | Yealink VP59 Teams Ed firmware 91.15.0.118: factory reset flaw allows account takeover | An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. |
| CVE-2024-28442 | Mar 26, 2024 | Directory Traversal in Yealink VP59 V.91.15.0.118 via Company Portal | Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via the terms of use function in the company portal component. |
| CVE-2024-24681 | Feb 23, 2024 | Hardcoded Key in Yealink Config Encrypt Tool (AES & RSA <1.2) | An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations. |
| CVE-2022-48625 | Feb 20, 2024 | Yealink Config Encrypt Tool: RSA Key Pair in 1.1 Allows Decryption Attack | Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary. |
| CVE-2024-24091 | Feb 08, 2024 | Yealink Meeting Server v26.0.0.66 OS Command Injection via File Upload interface | Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. |
| CVE-2021-27561 | Oct 15, 2021 | Yealink Device Management (DM) 3.6.0.20 | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. |