CNNVD-202506-2882 Information
CNNVD ID
CNNVD-202506-2882
Related CVE
- CNNVD Published: 2025-06-21
Description (Chinese)
Yealink YMCS是中国亿联(Yealink)公司的一个云管理服务,用于集中管理和维护Yealink的设备。 Yealink YMCS 2025-05-26之前版本存在安全漏洞,该漏洞源于未阻止冻结企业账户访问OpenAPI,可能导致未经授权的访问。
Description (English)
Yealink YMCS is a cloud management service of Yealink Corporation of China, which centrally manages and maintains Yealink equipment. There was a security loophole in the pre-Yealink YMCS 2025-05-26 version, which stemmed from the failure to prevent the freezing of business accounts from accessing OpenAPI, which could lead to unauthorized access.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
亿联
Published
2025-06-21
Last Modified
2026-02-24
References
https://support.yealink.com/en/portal/knowledge/show?id=646b44278ef325311f38303f https://seclists.org/fulldisclosure/2025/Jun/20 https://www.yealink.com/en/trust-center/security-advisories/1318c5efb82e4526 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/ https://access.redhat.com/security/cve/cve-2025-52918
Patch
https://www.yealink.com/en/trust-center/security-advisories/1318c5efb82e4526
Share on: