GCVE - cpe:2.3:a:yealink:rps:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:yealink:rps:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Yealink (`bb00dccf-901c-54fe-84ea-6136ece47bd5`)
Product	Rps (`47e1a1d5-ddbd-5e97-b966-caca8cecc863`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-68644`	vulnerable	2026-06-03 15:11:03.626382	Details available HIGH (7.4) Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances. Published: 2025-12-21T03:01:54.956Z Updated: 2025-12-22T20:18:54.366Z Open on db.gcve.eu Reference links https://www.yealink.com/en/trust-center/security-bulletins/yealink-unauthorized-access-to-rps-vulnerability https://www.yealink.com/website-service/download/Yealink_RPS_Security_Remediation_Verification_Report.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52919`	vulnerable	2026-06-03 15:03:52.704794	Details available MEDIUM (4.3) In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. Published: 2025-06-21T00:00:00.000Z Updated: 2025-07-28T13:16:08.312Z Open on db.gcve.eu Reference links https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 https://www.yealink.com/en/trust-center/security-advisories/ecb16a4993014d22 https://seclists.org/fulldisclosure/2025/Jun/20 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52918`	vulnerable	2026-06-03 15:03:52.704560	Details available MEDIUM (5) Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces. Published: 2025-06-21T00:00:00.000Z Updated: 2025-07-28T13:15:33.423Z Open on db.gcve.eu Reference links https://www.yealink.com/en/trust-center/security-advisories/1318c5efb82e4526 https://support.yealink.com/en/portal/knowledge/show?id=646b44278ef325311f38303f https://seclists.org/fulldisclosure/2025/Jun/20 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52917`	vulnerable	2026-06-03 15:03:52.704323	Details available MEDIUM (4.3) The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests. Published: 2025-06-21T00:00:00.000Z Updated: 2025-07-28T13:14:28.758Z Open on db.gcve.eu Reference links https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 https://www.yealink.com/en/trust-center/security-advisories/f8205560a8c7443f https://seclists.org/fulldisclosure/2025/Jun/20 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52916`	vulnerable	2026-06-03 15:03:52.703988	Details available LOW (2.2) Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits). Published: 2025-06-21T00:00:00.000Z Updated: 2025-07-28T13:13:38.211Z Open on db.gcve.eu Reference links https://www.yealink.com/en/trust-center/security-advisories/b8dc062eaa8d4f59 https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9 https://seclists.org/fulldisclosure/2025/Jun/20 https://dnip.ch/2025/06/25/yealink-voip-phones-insecurity-by-design/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.