Skip to main content

Yealink Meeting Server

3 CVEs product

Monthly

CVE-2024-48353 HIGH This Week

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yealink Meeting Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48352 HIGH This Week

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yealink Meeting Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24091 CRITICAL Act Now

Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Yealink Meeting Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 0% CVSS 7.5
HIGH This Week

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yealink Meeting Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yealink Meeting Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Yealink Meeting Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy