Trade-In Campaign – Upgrade to Yealink with Android 13 or Windows 11 + MDEP Online Webinar: Discover the Latest AI-Powered AV Solutions for Next-gen Digtial Workpace
EN
English Español Français Deutsch Nederlands Português 中文
Contact Sales
Products
Microsoft | Zoom Device Headsets IP Phone H.323/SIP Room Endpoints Management Platform
Others
EoL Products EoS Products Products A-Z
Business Solutions
Microsoft Solutions NEW Zoom Solutions By Meeting Space By Industry By Scenario NEW For Strategic Partners
Essential Tools
Live Demo Service Room Configurator Deployment Tools Room Device Calculator Headset Selector NEW Headset Compatible Center NEW
Yealink Support
Pre-Sale Service After-Sale Service Trust Center Resource Center Yealink Academy Policy Center Support Home
Yealink Partner
Partners Online Reseller IP Phone Engineer Microsoft Solution Engineer Headset Solution Engineer Multicell Engineer
Company
About Yealink News & Insights Customer Stories Sustainability Contact Us
Teams Rooms System NEW HOT
Zoom Rooms System
USB Cameras & BYOD Kits
AIOT Room Device
Room Audio Devices
Room System Accessories NEW
Room Mount Kit
Teams Phones
Zoom Phones
Bluetooth Wireless Headsets
DECT Wireless Headsets NEW
Wired Headsets NEW
Speakerphones NEW
Headset Accessories
Headset Selector
T5 Series
T4 Series
T3 Series
Teams Phones
Zoom Phones
Conference Phones
DECT Phones
Wi-Fi IP Phone NEW
Phone Accessories
MeetingEye Series
Video Conferencing Room Series
Device Management Platform (YDMP)
Management Cloud Service (YMCS)
USB Connect Management
Teams Room
Teams Phone
AV ONE NEW
SkySound Audio Solution NEW
Zoom Rooms
Zoom Phone
Zoom Meetings
Small Room
Medium Room
Large Room
Extra-Large Room
Finance
Education
Healthcare
Manufacturing
Future Workers
Headset&Handset
Personal Collaboration
Desktop Video
Video Conferencing NEW
RingCentral Solutions
3CX Solution
Extron Solution
BroadSoft Solution
Metaswitch Solution
BlueJeans Solution
Online Demo for MTR
Customer Experience Center
Room Configurator
Device Calculator
Headset Compatibility
Submit a Ticket
Assurance Maintenance System
Partner PrimeCare Service
Hotline Service
Device Management Service
Overview
Security&Compliance
Privacy
Resources
Security Advisories
Software
Materials
Videos
Learning Center
Training List
Certification Portal
Webniar & Events
End-of-Life Policy
Vulnerability Disclosure Policy
Partner Center
Channel Partners
Technology Partners
Carrier and ITSP Partners
Program Overview
Authorized Online Reseller
Unauthorized Yealink Online Reseller
Find an Authorized Online Reseller
Become an Authorized Online Reseller
Opportunity Registration
Junior Certified IP Phone Engineer
Senior Certified IP Phone Engineer
Certified IP Phone Sales Engineer
Yealink Microsoft Solution Sales Course
Yealink Microsoft Solution Technical Course
Certified Headset Solution Specialist
Certified Headset Solution Professional
Certified Multicell Engineer
Company Profile
Company Honors
Webniar & Events
Global Privacy Statement
Blog
News Center
Room Design Center
Manufacturing
IT services
Education
Retail
Healthcare
Sustainable Development
Environmental
People
CSR
Resources
Contact Us
Contact Support
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW
NEW


YEALINK IP PHONE- FIRMWARE UNPACKED STATEMENT



Update Time: June 12,2025


Yealink received a vulnerability report submitted to Yealink Security by an external security researcher in May 2025.We are actively processing and evaluating it according to the Yealink Vulnerability Disclosure Process (VDP), acknowledging your concerns about potential vulnerabilities. It is Yealink’s obligation to initiate proactive communication with close partners on vulnerability-related matters. Below is a detailed progress update on the vulnerability remediation:

 

ISSUE:

1) Firmware Unpacked Issue

Issue 1: ROM package key is lost

There is a vulnerability reported in the firmware encryption mechanism of Yealink VoIP phones. This issue is applicable on versions V86 and below. Attackers can decrypt the firmware through reverse engineering and obtain information data of the ROM file;

Issue 2: Version.bin injection issue

The Version.bin file in the ROM file has a missing security verification mechanism vulnerability, and the digital signature is not perfect. The attacker forges a ROM package file and triggers the upgrade of the device by logging into the device; during the upgrade process, the tampered Version.bin will be executed;

 

ANALYSIS:

Yealink Statement:

① After decrypting the ROM package file can only obtain some OEM customized information , but cannot control your device;

② The execution of Version.bin only occurs when the controller has the authority to upgrade the device  . In actual scenarios, the device web backend requires an administrator password to log in, which makes it difficult for attackers to direct gain access to device upgrade permissions. In addition, devices with secure boot will be verified when they are upgraded which makes that the attack cannot be executed non-persistently.


 

SOLUTION:

Mitigation measures:

If you still have concerns, you can solve them by upgrading. 

①Decrypting a ROM package yields only partial OEM customized information (e.g. autop url). Typically customizable information excludes user data. The default firmware is non-OEM-customized. Impact assessments may be conducted based on required customization parameters.

②Build V87 or later resolves the Version.bin execution issue. See the versions below.



Basic Information

Issue 1: ROM package key is lost

Issue 2: Version.bin injection issue

Product Line

model

Issue 1 Affected Version

Solution version

Issue version

Solution version 

Secure boot

phone

SIP-T7X (T73U\W, T74U\W, T77U)

Not   affected

NA

Not affected

NA

Y

SIP -T85W,   SIP-T87W

Not   affected

NA

Not   affected

NA

Y

DECT Phone

W75B,W75DM

Not   affected

NA

Not   affected

NA

Y

Android   Phone

SIP-T88W,   SIP-T88V

Not   affected

NA

Not   affected

NA

Y

4G phone

T74LTE

Not affected

NA

Not affected

NA

Y

Wi-Fi IP   Phone

Wi-Fi IP Phone (AX83H, AX86R)

Not   affected

NA

Not   affected

NA

Y

IP Phone

SIP-T3W   (T31W\T34W)

Not   affected

NA

Not   affected

NA

Y

SIP-T3X (T30\T30P\T31P\T31G\T33G)

124.86.0.60   and below

124.87.0.15  

124.86.0.60   and below

124.87.0.15  

Y

SIP-T4X (T42U\T43U\T44U\T44W\T46U\T48U)

V86 and   below

108.87.0.15

V86 and   below

108.87.0.15

Y

SIP-T5X(T53\T53W\T54W\T57W)

V86 and   below

96.87.0.15

V86 and   below

96.87.0.15

Y

CP925

V86 and   below

148.87.0.15

V86 and   below

148.87.0.15

Y

CP935W

V86 and   below

149.87.0.15

V86 and   below

149.87.0.15

Y

Android   Phone

VP59

V86 and   below

91.87.0.15

V86 and   below

91.87.0.15

Y

T58W

V86 and   below

150.87.0.15

V86 and   below

150.87.0.15

Y

CP965   (PX30+YL2018)

V86 and   below

143.87.0.15

V86 and   below

143.87.0.15

Y

DECT Phone

W70B

V86 and   below

146.87.0.15

V86 and   below

146.87.0.15

Y

W80B,W80DM

V86 and   below

103.87.0.10

V86 and   below

103.87.0.10

Y

W90B,W90DM

V86 and   below

130.87.0.10

V86 and   below

130.87.0.10

Y

For information on supported versions of EOL models, please contact technical support team.

 

Finally, we promise that safety is Yealink’s persistent goal. We will work with you to continuously improve product safety and address any of your concerns as soon as possible.

 

We therefore will follow the vulnerability disclosure process to conduct a series of measures after a vulnerability is reported. Currently, we recommend that you follow the above guidelines to ensure safety in this issue.

Reported vulnerability will be disclosed on our website, see: https://www.yealink.com/en/trust-center/security-advisories



Your Privacy
Strictly Necessary Cookies
Preferences Cookies
Statistics Cookies
Targeted Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, the website stores or retrieves information from your browser, mostly in the form of Cookies. This information may relate to your personal information, preferences or device information and is used primarily to enable the website to provide the services you expect. This information does not usually directly identify you personally, but can provide you with a more personalized web experience. We fully respect your privacy, so you can choose not to allow certain types of Cookies, simply by clicking on the name of a different Cookie category to learn more and change the default settings. However, blocking certain types of Cookies may affect your experience with the site and the services we can provide to you.
Learn more ->
Strictly Necessary Cookies
Always On
These Cookies are essential for users to navigate the site and use its features, which are necessary for the proper functioning of the site, and cannot be turned off on our system. They are set only for actions you do that are equivalent to service requests, such as setting up your login or populating a form.You can set your browser to block or alert you to such Cookies, but some features of the site will not work. These Cookies do not store any personally identifiable information.
Learn more ->
Preferences Cookies
These cookies are mainly used to record users' preferences while browsing the website and using its features. These cookies allow the website to remember your interactions with the website, choices you have made in the past and information you have entered, such as your preferred language or what your username and password are, so you can be logged in automatically. If you do not allow the use of such Cookies, you will not be able to enjoy a more convenient experience with the site.
Learn more ->
Statistics Cookies
These Cookies allow us to count the number of visits to our website and the sources of traffic in order to evaluate and improve the performance of our website. These Cookies also help us to understand the popularity of our pages and the activity of our visitors on the site. All information collected by such Cookies is aggregated to ensure that it remains anonymous. If you do not allow the use of such Cookies, we will have no way of knowing when you visit our site and will not be able to monitor site performance.
Learn more ->
Targeted Cookies
These Cookies may be set by our advertising partners through our website and may also be used by those companies to create profiles of your interests and to display relevant advertisements to you on other websites. These Cookies do not store personal information directly, but use some information that uniquely identifies your browser and Internet device. If you do not allow the use of such Cookies, the advertisements you see will be less targeted.
Learn more ->
PRIVACY PREFERENCE CENTER
Your Privacy
Your Privacy
When you visit any website, the website stores or retrieves information from your browser, mostly in the form of Cookies. This information may relate to your personal information, preferences or device information and is used primarily to enable the website to provide the services you expect. This information does not usually directly identify you personally, but can provide you with a more personalized web experience. We fully respect your privacy, so you can choose not to allow certain types of Cookies, simply by clicking on the name of a different Cookie category to learn more and change the default settings. However, blocking certain types of Cookies may affect your experience with the site and the services we can provide to you.
Learn more ->
Strictly Necessary Cookies
Strictly Necessary Cookies
Always On
These Cookies are essential for users to navigate the site and use its features, which are necessary for the proper functioning of the site, and cannot be turned off on our system. They are set only for actions you do that are equivalent to service requests, such as setting up your login or populating a form.You can set your browser to block or alert you to such Cookies, but some features of the site will not work. These Cookies do not store any personally identifiable information.
Learn more ->
Preferences Cookies
Preferences Cookies
These Cookies are primarily used to record the preferences of users as they navigate the site and use its features. These Cookies allow the website to remember the choices you have made in the past, such as which language you prefer or what your username and password are, so that you can automatically log in. If you do not allow the use of such Cookies, you will not be able to enjoy a more convenient experience with the site.
Learn more ->
Statistics Cookies
Statistics Cookies
These Cookies allow us to count the number of visits to our website and the sources of traffic in order to evaluate and improve the performance of our website. These Cookies also help us to understand the popularity of our pages and the activity of our visitors on the site. All information collected by such Cookies is aggregated to ensure that it remains anonymous. If you do not allow the use of such Cookies, we will have no way of knowing when you visit our site and will not be able to monitor site performance.
Learn more ->
Targeted Cookies
Targeted Cookies
These Cookies may be set by our advertising partners through our website and may also be used by those companies to create profiles of your interests and to display relevant advertisements to you on other websites. These Cookies do not store personal information directly, but use some information that uniquely identifies your browser and Internet device. If you do not allow the use of such Cookies, the advertisements you see will be less targeted.
Learn more ->
Except for necessary cookies, we may also use functional cookies (including third party cookies) to deliver experience for you. You can turn them off by clicking “configure". More information in cookies policy.
Configure I Accept