|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-17 | |
| Rule Name: | Yealink Remote Code Execution Vulnerability (CVE-2021-27561) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Yealink DM (Device Management) platform-"offers a comprehensive management solution with key features Unified Deployment and Management, Real-Time Monitoring and Alarm, Remote Troubleshooting." Several vulnerabilities in the Yealink DM server allow remote unauthenticated attackers to cause the server to execute arbitrary commands due to the fact that user provided data is not properly filtered. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce/ |
|
| Solutions |
|---|
| There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |