Skip to main content

Device Management

1 CVEs product

Monthly

CVE-2021-27561 CRITICAL POC KEV THREAT Act Now

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Device Management
NVD
CVSS 3.1
9.8
EPSS
82.5%
EPSS 83% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Device Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy