Yealink Meeting Server vulnerabilities
3 known vulnerabilities affecting yealink/yealink_meeting_server.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-24091P2CRITICALCVSS 9.8fixed in 26.0.0.662024-02-08
CVE-2024-24091 [CRITICAL] CWE-78 CVE-2024-24091: Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerabi
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.
nvd
CVE-2024-48352P3HIGHCVSS 7.5fixed in 26.0.0.672024-11-01
CVE-2024-48352 [HIGH] CWE-922 CVE-2024-48352: Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server resp
Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID.
nvd
CVE-2024-48353P3HIGHCVSS 7.5fixed in 26.0.0.672024-11-01
CVE-2024-48353 [HIGH] CWE-922 CVE-2024-48353: Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a fr
Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information.
nvd