Update Time: June 12, 2025
Yealink received a vulnerability report submitted to Yealink Security by an external security researcher in May 2025. Yealink is actively processing and evaluating it according to the Yealink Vulnerability Disclosure Process (VDP), as we understand your concerns about possible vulnerabilities. As a close partner of Yealink, we have the responsibility and obligation to proactively communicate with you as soon as possible. Please see the following description of the progress of vulnerability handling for details.
ISSUE:
1) RPS & Device CA Issue
Issue description: Device certificates issued by the Yealink Equipment Issuing CA before 2020 are vulnerable to forgery, which creates a risk of device identity forgery. This certificate is used for the device and for RPS-related services.
ANALYSES:
Yealink statement: This issue only exists in devices sold before 2020; new devices do not have it. Because the certificate is used to interact with the RPS server, the current RPS server has added multiple verification measures to prevent malicious traversal attacks. Abnormal behavior is locked out and added to the blacklist to ensure the security of your information.
SOLUTION:
Mitigation measures:
For Yealink IP Phone products purchased before 2020, we recommend that you upgrade the firmware to strengthen the security access control between the device and RPS for higher security protection.
Model | Affected firmware version | Recommended upgrade version
--- | --- | ---
SIP-T19P_E2 | lower than 53.84.0.121 | 53.84.0.160 or higher
SIP-T21P_E2 | lower than 52.84.0.121 | 52.84.0.160 or higher
SIP-T23G | lower than 44.84.0.121 | 44.84.0.160 or higher
SIP-T40G | lower than 76.84.0.121 | 76.84.0.160 or higher
SIP-T40P | lower than 54.84.0.121 | 54.84.0.160 or higher
SIP-T27G | lower than 69.84.0.121 | 69.86.0.160 or higher
SIP-T41S, T42S, T46S, T48S | lower than 66.84.0.121 | 66.86.0.83 or higher
SIP-CP920 | lower than 78.84.0.121 | 78.86.0.15 or higher
SIP-T53, T53W, T54W, T57W | lower than X.84.0.121 | 96.86.0.75 or higher
SIP-T56A, T58 | lower than 58.84.0.37 | 58.86.0.160 or higher
W52P | lower than 25.81.0.67 | 25.81.0.160 or higher
W60B | lower than 77.83.0.83 | 77.85.0.160 or higher
CP960 | lower than 73.84.0.37 | 73.86.0.160 or higher
SIP-T27P | 45.83.0.160 and below | 45.83.0.161 or higher
SIP-T29G | 46.83.0.160 and below | 46.83.0.161 or higher
SIP-T41P | 36.83.0.160 and below | 36.83.0.161 or higher
SIP-T42G | 29.83.0.160 and below | 29.83.0.161 or higher
SIP-T46G | 28.83.0.160 and below | 28.83.0.161 or higher
SIP-T48G | 35.83.0.160 and below | 35.83.0.161 or higher
SIP-T20P | No longer providing RPS service | No longer providing RPS service
SIP-T22P | No longer providing RPS service | No longer providing RPS service
SIP-T26P | No longer providing RPS service | No longer providing RPS service
SIP-T27P | No longer providing RPS service | No longer providing RPS service
T52S/T54S | No longer providing RPS service | No longer providing RPS service
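The table above mixes two kinds of threshold ("lower than v" and "v and below"), grouped model rows, and a wildcard ("X") for the T53 family, which makes a manual fleet audit error-prone. The following added example (not Yealink's code) transcribes the table into a lookup and compares a device's running firmware against it. The model names split out of the grouped rows, the return-status strings and the `check_firmware` function are this example's own choices; the version numbers are exactly those in the table.

```python
# Added example: audit a Yealink device's running firmware against the
# affected/recommended versions listed in the advisory table above.
#
# Each entry is (affected_rule, recommended_version), where affected_rule is
# ("lt", v) for "lower than v", ("le", v) for "v and below", or None where the
# advisory says RPS service is no longer provided. "X" is kept as a wildcard
# exactly as the advisory prints it for the T53 family.
FIRMWARE_TABLE = {
    "SIP-T19P_E2": (("lt", "53.84.0.121"), "53.84.0.160"),
    "SIP-T21P_E2": (("lt", "52.84.0.121"), "52.84.0.160"),
    "SIP-T23G": (("lt", "44.84.0.121"), "44.84.0.160"),
    "SIP-T40G": (("lt", "76.84.0.121"), "76.84.0.160"),
    "SIP-T40P": (("lt", "54.84.0.121"), "54.84.0.160"),
    "SIP-T27G": (("lt", "69.84.0.121"), "69.86.0.160"),
    "SIP-T41S": (("lt", "66.84.0.121"), "66.86.0.83"),
    "SIP-T42S": (("lt", "66.84.0.121"), "66.86.0.83"),
    "SIP-T46S": (("lt", "66.84.0.121"), "66.86.0.83"),
    "SIP-T48S": (("lt", "66.84.0.121"), "66.86.0.83"),
    "SIP-CP920": (("lt", "78.84.0.121"), "78.86.0.15"),
    "SIP-T53": (("lt", "X.84.0.121"), "96.86.0.75"),
    "SIP-T53W": (("lt", "X.84.0.121"), "96.86.0.75"),
    "SIP-T54W": (("lt", "X.84.0.121"), "96.86.0.75"),
    "SIP-T57W": (("lt", "X.84.0.121"), "96.86.0.75"),
    "SIP-T56A": (("lt", "58.84.0.37"), "58.86.0.160"),
    "SIP-T58": (("lt", "58.84.0.37"), "58.86.0.160"),
    "W52P": (("lt", "25.81.0.67"), "25.81.0.160"),
    "W60B": (("lt", "77.83.0.83"), "77.85.0.160"),
    "CP960": (("lt", "73.84.0.37"), "73.86.0.160"),
    # The advisory lists SIP-T27P twice; the row carrying an upgrade version is kept.
    "SIP-T27P": (("le", "45.83.0.160"), "45.83.0.161"),
    "SIP-T29G": (("le", "46.83.0.160"), "46.83.0.161"),
    "SIP-T41P": (("le", "36.83.0.160"), "36.83.0.161"),
    "SIP-T42G": (("le", "29.83.0.160"), "29.83.0.161"),
    "SIP-T46G": (("le", "28.83.0.160"), "28.83.0.161"),
    "SIP-T48G": (("le", "35.83.0.160"), "35.83.0.161"),
    "SIP-T20P": (None, None),
    "SIP-T22P": (None, None),
    "SIP-T26P": (None, None),
    "T52S": (None, None),
    "T54S": (None, None),
}


def parse_version(version):
    """Split '66.84.0.121' into a tuple of ints; 'X' becomes None (wildcard)."""
    return tuple(None if part == "X" else int(part) for part in version.split("."))


def version_less(a, b):
    """True if version a is strictly lower than b; wildcard fields are skipped."""
    for x, y in zip(parse_version(a), parse_version(b)):
        if x is None or y is None:
            continue
        if x != y:
            return x < y
    return False


def check_firmware(model, running_version):
    """Return (status, recommended_version) for a device.

    status is one of "affected", "not_affected", "rps_discontinued" or
    "unknown_model" (the status names are this example's own).
    """
    entry = FIRMWARE_TABLE.get(model)
    if entry is None:
        return "unknown_model", None
    rule, recommended = entry
    if rule is None:
        return "rps_discontinued", None
    op, bound = rule
    if op == "lt":
        affected = version_less(running_version, bound)
    else:  # "le": running <= bound, i.e. not (bound < running)
        affected = not version_less(bound, running_version)
    return ("affected" if affected else "not_affected"), recommended


if __name__ == "__main__":
    # Constructed inventory lines: (model, running firmware) as an admin might export them.
    for model, fw in [("SIP-T46S", "66.84.0.100"), ("SIP-T41P", "36.83.0.161"),
                      ("SIP-T54W", "96.84.0.100"), ("SIP-T20P", "9.9.9.9")]:
        print(model, fw, "->", check_firmware(model, fw))
```

Feed it an exported inventory of (model, firmware) pairs to get a list of phones that still need the upgrade; anything reported as `rps_discontinued` cannot be fixed by a firmware update and should be handled according to the advisory's note that RPS service is no longer provided for those models.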
2) RPS Certificate Content Validation Bypass Vulnerability
Issue description: Using the RPS web interface, it is possible to upload any file smaller than 5 MB as long as the file extension is ".pem".
SOLUTION:
Yealink statement: The device itself performs a secondary verification of the certificate format, so this does not actually cause any impact. The RPS platform has been optimized and this issue has been fixed.
Mitigation measures:
For detailed fix disclosure, please see: https://www.yealink.com/en/trust-center/security-advisories/ecb16a4993014d22
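Issue 2 is the classic gap between checking a file's name and checking its content. The following added example (not Yealink's code, and not a description of how the RPS platform was fixed) shows the extension-only check beside a server-side validator that accepts only a single PEM `CERTIFICATE` block whose payload decodes to a well-formed outer DER `SEQUENCE` wrapping a `SEQUENCE` (the tbsCertificate). The 5 MB limit comes from the advisory; the function names, the sample inputs and the minimal DER blob used in place of a real certificate are constructed for this example.

```python
# Added example: validate an uploaded ".pem" by content, not by file name.
import base64
import binascii
import re

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # the 5 MB limit mentioned in the advisory

# Exactly one CERTIFICATE block, nothing before or after it.
_PEM_CERT = re.compile(
    rb"\A-----BEGIN CERTIFICATE-----\r?\n(.+?)\r?\n-----END CERTIFICATE-----\r?\n?\Z",
    re.DOTALL,
)


def weak_extension_check(filename):
    """The insufficient check the advisory describes: only the name is inspected."""
    return filename.lower().endswith(".pem")


def _der_length(buf, pos):
    """Decode a DER length field at buf[pos]; return (length, next_pos) or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if length < 0x80:                     # DER requires the minimal encoding
        return None
    return length, pos + 1 + n


def validate_pem_certificate(data, max_bytes=MAX_UPLOAD_BYTES):
    """Return (ok, reason) for an uploaded byte string.

    Checks size, PEM armor, base64 body and the outer DER structure of an X.509
    certificate. It does NOT verify the signature or chain; that is a separate
    step after structural validation.
    """
    if len(data) > max_bytes:
        return False, "upload exceeds size limit"
    match = _PEM_CERT.match(data)
    if not match:
        return False, "not a single PEM CERTIFICATE block"
    body = b"".join(match.group(1).split())   # strip line breaks inside the armor
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False, "PEM body is not valid base64"
    if not der or der[0] != 0x30:
        return False, "payload does not start with a DER SEQUENCE"
    parsed = _der_length(der, 1)
    if parsed is None:
        return False, "malformed outer length"
    length, pos = parsed
    if pos + length != len(der):
        return False, "outer SEQUENCE length does not match payload size"
    if pos >= len(der) or der[pos] != 0x30:
        return False, "tbsCertificate is not a SEQUENCE"
    return True, "structurally valid certificate"


def _pem(der):
    """Wrap DER bytes in CERTIFICATE armor (helper for the constructed samples)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines) + b"\n-----END CERTIFICATE-----\n"


# Constructed samples. SAMPLE_OK is a minimal nested SEQUENCE standing in for a
# certificate (not a real X.509 certificate); the other two would pass a
# name-only check if saved as "anything.pem".
SAMPLE_OK = _pem(b"\x30\x05\x30\x03\x02\x01\x05")
SAMPLE_BINARY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_TEXT = _pem(b"hello world")

if __name__ == "__main__":
    for name, blob in [("ok", SAMPLE_OK), ("binary", SAMPLE_BINARY), ("text", SAMPLE_TEXT)]:
        print(name, weak_extension_check(name + ".pem"), validate_pem_certificate(blob))
```

In a real deployment the structural check would be followed by full parsing with an X.509 library and chain validation against the expected issuing CA; the point of the block is that the file name carries no information about what the bytes are.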
3) RPS Device SN Last-Five-Digit Enumeration Vulnerability
Issue description: It has been possible to enumerate the last 5 digits of the serial number of a device.
SOLUTION:
Yealink Statement: This issue has been optimized and fixed.
Mitigation measures:
For detailed fix disclosure, please see: https://www.yealink.com/en/trust-center/security-advisories/b8dc062eaa8d4f59
4) RPS API Rate Limiting Missing Vulnerability
Issue description: The RPS API lacks rate-limiting controls, potentially enabling abuse through excessive requests.
SOLUTION:
Yealink Statement: This issue has been optimized and fixed.
Mitigation measures:
https://www.yealink.com/en/trust-center/security-advisories/f8205560a8c7443f
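Issues 3 and 4 share a mitigation: a lookup endpoint that accepts unlimited requests from one client lets a guessing loop run at full speed, while a per-client budget turns the same loop into a trickle. The following added example (not Yealink's code, and not a description of how the RPS API was fixed) is a token-bucket limiter with an injectable clock so its behaviour can be checked deterministically; the `simulate` function, the client keys and the request timings are constructed for this example.

```python
# Added example: per-client token-bucket rate limiting for an API endpoint.


class TokenBucketLimiter:
    """Each key may burst up to `burst` requests, then sustain `rate` per second.

    `clock` is a zero-argument callable returning seconds; it is injected so
    tests do not have to sleep.
    """

    def __init__(self, rate, burst, clock):
        self.rate = float(rate)
        self.burst = float(burst)
        self.clock = clock
        self._state = {}  # key -> (tokens_available, last_refill_time)

    def allow(self, key):
        """Return True and consume a token if the client still has budget."""
        now = self.clock()
        tokens, last = self._state.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        if tokens >= 1.0:
            self._state[key] = (tokens - 1.0, now)
            return True
        self._state[key] = (tokens, now)
        return False


class FakeClock:
    """Manually set clock used by simulate()."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def simulate(requests, rate=1.0, burst=5):
    """Replay a list of (time_seconds, client_key) and return one decision each."""
    clock = FakeClock()
    limiter = TokenBucketLimiter(rate, burst, clock)
    decisions = []
    for t, key in requests:
        clock.t = t
        decisions.append(limiter.allow(key))
    return decisions


# Constructed request log: client-A fires seven requests at once, client-B sends
# one, then client-A returns two seconds later with three more.
REQUESTS = ([(0.0, "client-A")] * 7
            + [(0.0, "client-B")]
            + [(2.0, "client-A")] * 3)

if __name__ == "__main__":
    for (t, key), ok in zip(REQUESTS, simulate(REQUESTS)):
        print(f"t={t:.1f} {key}: {'allowed' if ok else 'rejected'}")
```

With a burst of 5 and a refill of one token per second, client-A's sixth and seventh requests are rejected, client-B is unaffected, and after a two-second pause client-A has earned exactly two more requests. The same budget should be keyed on something the caller cannot cheaply rotate (an authenticated account or API key rather than only a source address), and rejections above the budget are worth logging as a detection signal.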
5) Frozen Enterprise OpenAPI Access Control Bypass Vulnerability
Issue description: YMCS & RPS fail to enforce access restrictions on the OpenAPI for frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.
SOLUTION:
Yealink Statement: This issue has been optimized and fixed.
Mitigation measures:
https://www.yealink.com/en/trust-center/security-advisories/1318c5efb82e4526
Finally, we promise that security is Yealink's persistent goal. We will work with you to continuously improve product security and address any of your concerns as soon as possible.
We will therefore follow the vulnerability disclosure process to carry out a series of measures after a vulnerability is reported. For now, we recommend that you follow the above guidelines to stay protected against this issue.
Reported vulnerabilities will be disclosed on our website; see: https://www.yealink.com/en/trust-center/security-advisories