yealink CVE Vulnerabilities & Metrics

Focus on yealink vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About yealink Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with yealink. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total yealink CVEs: 8
Earliest CVE date: 16 Jun 2014, 18:55 UTC
Latest CVE date: 01 Nov 2024, 18:15 UTC

Latest CVE reference: CVE-2024-48353

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -66.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -66.67%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical yealink CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.89

Max CVSS: 10.0

Critical CVEs (≥9): 4

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	5
7.0-8.9	1
9.0-10.0	4

CVSS Distribution Chart

Top 5 Highest CVSS yealink CVEs

These are the five CVEs with the highest CVSS scores for yealink, sorted by severity first and recency.

CVE-2021-27561 yealink Published on 15 Oct 2021, 18:15 UTC (CVSS: 10.0)
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVE-2013-5755 yealink Published on 16 Jul 2014, 14:19 UTC (CVSS: 10.0)
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2018-16217 yealink Published on 29 May 2019, 18:29 UTC (CVSS: 9.0)
The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.
CVE-2013-5758 yealink Published on 03 Aug 2014, 18:55 UTC (CVSS: 9.0)
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
CVE-2018-16221 yealink Published on 29 May 2019, 18:29 UTC (CVSS: 7.7)
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).

All CVEs for yealink

CVE-2024-48353 yealink vulnerability CVSS: 0 01 Nov 2024, 18:15 UTC

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information.

CVE-2024-24681 yealink vulnerability CVSS: 0 23 Feb 2024, 23:15 UTC

An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.

CVE-2023-43959 yealink vulnerability CVSS: 0 17 Oct 2023, 14:15 UTC

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.

CVE-2020-24113 yealink vulnerability CVSS: 0 22 Aug 2023, 22:15 UTC

Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).

CVE-2021-27561 yealink vulnerability CVSS: 10.0 15 Oct 2021, 18:15 UTC

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.

CVE-2018-16221 yealink vulnerability CVSS: 7.7 29 May 2019, 18:29 UTC

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request).

CVE-2018-16218 yealink vulnerability CVSS: 6.8 29 May 2019, 18:29 UTC

A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

CVE-2018-16217 yealink vulnerability CVSS: 9.0 29 May 2019, 18:29 UTC

The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection.

CVE-2012-1417 yealink vulnerability CVSS: 3.5 17 Sep 2014, 14:55 UTC

Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2013-5758 yealink vulnerability CVSS: 9.0 03 Aug 2014, 18:55 UTC

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.

CVE-2013-5757 yealink vulnerability CVSS: 4.0 03 Aug 2014, 18:55 UTC

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.

CVE-2013-5756 yealink vulnerability CVSS: 4.0 03 Aug 2014, 18:55 UTC

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.

CVE-2014-3427 yealink vulnerability CVSS: 5.0 16 Jul 2014, 14:19 UTC

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.

CVE-2013-5755 yealink vulnerability CVSS: 10.0 16 Jul 2014, 14:19 UTC

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.

CVE-2014-3428 yealink vulnerability CVSS: 4.3 16 Jun 2014, 18:55 UTC

Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.