EN |

Yealink Config Encrypt Tool Hardcoded Encryption Password Vulnerability





CVE Number: NA

Published Date: September 2, 2022

Updated Date: March 27, 2023



Attention: 

Yealink places great importance on the security of our customers and products. This is a dynamic document and may be subject to updates. The latest version of this document can be obtained from the following website: https://www.yealink.com/trust-center-resource




Vulnerability Summary

The Yealink Config Encrypt Tool add RSA V1.1, which is publicly available on the official website and includes a default private.key and pub.key. Additionally, the User Guide on the official website mentions that this pub.key is the built-in RSA public key. Using the default key for encrypting Autop deployment files carries the risk of decryption, which can lead to the loss of deployment information. 

Affected Scope: Users who use the Yealink Config Encrypt Tool add RSA for encryption and perform Autop deployment via HTTP, FTP, or TFTP.

History Links: User Guide   Tool Download 




Influenced Products

Product Family and Model                   Affected           Fixed             
Yealink Config Encrypt Tool add RSA<= V1.1V1.2




Solution

1. Re-encrypt the relevant configuration files using the new encryption tool. In the new release tool, the example private key information for Yealink Config Encrypt Tool add RSA Demo has been removed, and users are now required to create their own passwords.

2. Change the RSA encryption key and do not use the default encryption 




Resolution Measures

You can find the required software, release notes, and other documents at the following location: Yealink_Config_Encrypt_Tool_add_RSA_V1.2




Feedback

For any customers using affected systems who are concerned about this vulnerability in their deployment, please reach out to Yealink technical support for the latest information by visiting Yealink Support.

You can also find additional advanced security guidance and helpful content by searching in the Security News section of the Technical Support Center Yealink Support.



Your Privacy
Strictly Necessary Cookies
Preferences Cookies
Statistics Cookies
Targeted Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, the website stores or retrieves information from your browser, mostly in the form of Cookies. This information may relate to your personal information, preferences or device information and is used primarily to enable the website to provide the services you expect. This information does not usually directly identify you personally, but can provide you with a more personalized web experience. We fully respect your privacy, so you can choose not to allow certain types of Cookies, simply by clicking on the name of a different Cookie category to learn more and change the default settings. However, blocking certain types of Cookies may affect your experience with the site and the services we can provide to you.
Learn more ->
Strictly Necessary Cookies
Always On
These Cookies are essential for users to navigate the site and use its features, which are necessary for the proper functioning of the site, and cannot be turned off on our system. They are set only for actions you do that are equivalent to service requests, such as setting up your login or populating a form.You can set your browser to block or alert you to such Cookies, but some features of the site will not work. These Cookies do not store any personally identifiable information.
Learn more ->
Preferences Cookies
These cookies are mainly used to record users' preferences while browsing the website and using its features. These cookies allow the website to remember your interactions with the website, choices you have made in the past and information you have entered, such as your preferred language or what your username and password are, so you can be logged in automatically. If you do not allow the use of such Cookies, you will not be able to enjoy a more convenient experience with the site.
Learn more ->
Statistics Cookies
These Cookies allow us to count the number of visits to our website and the sources of traffic in order to evaluate and improve the performance of our website. These Cookies also help us to understand the popularity of our pages and the activity of our visitors on the site. All information collected by such Cookies is aggregated to ensure that it remains anonymous. If you do not allow the use of such Cookies, we will have no way of knowing when you visit our site and will not be able to monitor site performance.
Learn more ->
Targeted Cookies
These Cookies may be set by our advertising partners through our website and may also be used by those companies to create profiles of your interests and to display relevant advertisements to you on other websites. These Cookies do not store personal information directly, but use some information that uniquely identifies your browser and Internet device. If you do not allow the use of such Cookies, the advertisements you see will be less targeted.
Learn more ->
PRIVACY PREFERENCE CENTER
Your Privacy
Your Privacy
When you visit any website, the website stores or retrieves information from your browser, mostly in the form of Cookies. This information may relate to your personal information, preferences or device information and is used primarily to enable the website to provide the services you expect. This information does not usually directly identify you personally, but can provide you with a more personalized web experience. We fully respect your privacy, so you can choose not to allow certain types of Cookies, simply by clicking on the name of a different Cookie category to learn more and change the default settings. However, blocking certain types of Cookies may affect your experience with the site and the services we can provide to you.
Learn more ->
Strictly Necessary Cookies
Strictly Necessary Cookies
Always On
These Cookies are essential for users to navigate the site and use its features, which are necessary for the proper functioning of the site, and cannot be turned off on our system. They are set only for actions you do that are equivalent to service requests, such as setting up your login or populating a form.You can set your browser to block or alert you to such Cookies, but some features of the site will not work. These Cookies do not store any personally identifiable information.
Learn more ->
Preferences Cookies
Preferences Cookies
These Cookies are primarily used to record the preferences of users as they navigate the site and use its features. These Cookies allow the website to remember the choices you have made in the past, such as which language you prefer or what your username and password are, so that you can automatically log in. If you do not allow the use of such Cookies, you will not be able to enjoy a more convenient experience with the site.
Learn more ->
Statistics Cookies
Statistics Cookies
These Cookies allow us to count the number of visits to our website and the sources of traffic in order to evaluate and improve the performance of our website. These Cookies also help us to understand the popularity of our pages and the activity of our visitors on the site. All information collected by such Cookies is aggregated to ensure that it remains anonymous. If you do not allow the use of such Cookies, we will have no way of knowing when you visit our site and will not be able to monitor site performance.
Learn more ->
Targeted Cookies
Targeted Cookies
These Cookies may be set by our advertising partners through our website and may also be used by those companies to create profiles of your interests and to display relevant advertisements to you on other websites. These Cookies do not store personal information directly, but use some information that uniquely identifies your browser and Internet device. If you do not allow the use of such Cookies, the advertisements you see will be less targeted.
Learn more ->
Except for necessary cookies, we may also use functional cookies (including third party cookies) to deliver experience for you. You can turn them off by clicking “configure". More information in cookies policy.
Configure I Accept