CVE-2024-24681 Information

Description

Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single vendorwide hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.

Reference

https://www.reddit.com/r/VOIP/comments/ys9mel/what_are_some_of_the_good_white_label_voip/