CNNVD-202506-2883 Information
CNNVD ID
CNNVD-202506-2883
Related CVE
- CNNVD Published: 2025-06-21
Description (Chinese)
Yealink YMCS RPS是中国亿联(Yealink)公司的一款整合了RPS功能的设备管理云服务平台。 Yealink YMCS RPS 2025-05-26之前版本存在信任管理问题漏洞,该漏洞源于证书上传功能未正确验证证书内容,可能导致上传无效证书。
Description (English)
Yealink YMCS RPS is a unit of Yealink Corporation that integrates RPS functionality in its equipment management cloud service platform. Before Yealink YMCS RPS 2025-05-26, there was a trust management gap, which resulted from the incorrect authentication of certificate content by the certificate upload function, which could lead to the uploading of invalid certificates.
Hazard Level
High
Vulnerability Type
信任管理问题
Affected Vendor
亿联
Published
2025-06-21
Last Modified
2026-02-24
References
https://seclists.org/fulldisclosure/2025/Jun/20 https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 https://www.yealink.com/en/trust-center/security-advisories/ecb16a4993014d22 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/ https://access.redhat.com/security/cve/cve-2025-52919
Patch
https://www.yealink.com/en/trust-center/security-advisories/ecb16a4993014d22
Share on: