CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-48353
https://notcve.org/view.php?id=CVE-2024-48353
01 Nov 2024 — Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. • http://yealink.com • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-48352
https://notcve.org/view.php?id=CVE-2024-48352
01 Nov 2024 — Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. • http://yealink.com • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24091
https://notcve.org/view.php?id=CVE-2024-24091
08 Feb 2024 — Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. Se descubrió que Yealink Meeting Server anterior a v26.0.0.66 contenía una vulnerabilidad de inyección de comandos del sistema operativo a través de la interfaz de carga de archivos. • https://www.yealink.com/en/trust-center/security-advisories/2f2b990211c440cf • CWE-94: Improper Control of Generation of Code ('Code Injection') •