CNNVD-202506-2886 Information
CNNVD ID
CNNVD-202506-2886
Related CVE
- CNNVD Published: 2025-06-21
Description (Chinese)
Yealink YMCS RPS是中国亿联(Yealink)公司的一款整合了RPS功能的设备管理云服务平台。 Yealink YMCS RPS 2025-06-04之前版本存在安全漏洞,该漏洞源于缺少SN验证尝试限制,可能导致暴力枚举攻击。
Description (English)
Yealink YMCS RPS is a unit of Yealink Corporation that integrates RPS functionality in its equipment management cloud service platform. There was a security loophole in the pre-Yealink YMCS RPS 2025-06-04 version, which stemmed from the lack of SN test attempt restrictions, which could lead to violent bomb attacks.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
亿联
Published
2025-06-21
Last Modified
2026-02-24
References
https://seclists.org/fulldisclosure/2025/Jun/20 https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 https://www.yealink.com/en/trust-center/security-advisories/b8dc062eaa8d4f59 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/ https://access.redhat.com/security/cve/cve-2025-52916
Patch
https://www.yealink.com/en/trust-center/security-advisories/b8dc062eaa8d4f59
Share on: