Browse all 7 CVE security advisories affecting Yealink. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yealink develops IP phones and video conferencing solutions for business communications. Historically, their devices have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from web interfaces and default credentials. Security researchers have identified issues in firmware management and session handling that could allow unauthorized access. While no major public security incidents have been widely reported, the 7 CVEs on record highlight ongoing concerns about secure configuration and patch management in their communication products. Organizations deploying Yealink equipment should implement network segmentation and regular firmware updates to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1735 | Yealink MeetingBar A30 Diagnostic command injection — MeetingBar A30CWE-77 | 4.3 | Medium | 2026-02-02 |
| CVE-2025-68644 | Yealink RPS 安全漏洞 — RPSCWE-290 | 7.4 | High | 2025-12-21 |
| CVE-2025-14228 | Yealink SIP-T21P E2 Local Directory cross site scripting — SIP-T21P E2CWE-79 | 3.5 | Low | 2025-12-08 |
| CVE-2025-52916 | Yealink YMCS RPS 安全漏洞 — RPSCWE-307 | 2.2 | Low | 2025-06-21 |
| CVE-2025-52917 | Yealink YMCS RPS API 安全漏洞 — RPSCWE-770 | 4.3 | Medium | 2025-06-21 |
| CVE-2025-52919 | Yealink YMCS RPS 信任管理问题漏洞 — RPSCWE-295 | 4.3 | Medium | 2025-06-21 |
| CVE-2025-52918 | Yealink YMCS 安全漏洞 — RPSCWE-863 | 5.0 | Medium | 2025-06-21 |
This page lists every published CVE security advisory associated with Yealink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.