Yealink YMCS RPS Brute-Force Enumeration Vulnerability in SN Verification

Vulnerability

A vulnerability exists in Yealink YMCS RPS prior to 2025-06-04 that allows brute-force enumeration of the last five digits of a device serial number. The issue arises because the number of verification attempts is not limited, so repeated guesses can eventually enumerate serial numbers.

Impact

Exploitation of this vulnerability allows for brute-force enumeration of the last five digits of the device serial number, potentially leading to unauthorized identification of devices.

Remediation

Yealink released a security update on June 4, 2025, which has been automatically deployed to all YMCS cloud service instances. For additional information, customers can contact Yealink technical support.
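The missing control described above is a bound on failed verification attempts. The following is an added example, not Yealink's code and not a description of its update (the page does not say how the fix works): a generic verifier for a five-digit suffix with a per-requester failure budget. The requester key, device ids, sample suffix and the 5-failures-per-hour policy are all assumptions.

```python
import hmac
import time

MAX_FAILURES = 5          # assumed policy: failures allowed per window
WINDOW_SECONDS = 3600     # assumed policy: length of the counting window
SUFFIX_SPACE = 10 ** 5    # five decimal digits -> 100,000 candidates


class SuffixVerifier:
    """Checks the last five digits of a serial number under a failure budget.

    Failures are counted per requester (hypothetical key, e.g. an account id),
    so a requester that keeps guessing is locked out long before it can
    cover a meaningful part of the 100,000-value space.
    """

    def __init__(self, expected_suffix_by_device, clock=time.monotonic):
        self._expected = expected_suffix_by_device
        self._failures = {}   # requester -> timestamps of recent failures
        self._clock = clock

    def _recent_failures(self, requester):
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(requester, []) if t > cutoff]
        self._failures[requester] = recent
        return recent

    def verify(self, requester, device_id, guess):
        """Return 'ok', 'denied' or 'locked'."""
        recent = self._recent_failures(requester)
        if len(recent) >= MAX_FAILURES:
            return "locked"   # decided before comparing: no oracle while locked
        expected = self._expected.get(device_id, "")
        # Constant-time compare; an unknown device fails like a wrong guess.
        if expected and hmac.compare_digest(expected.encode(), guess.encode()):
            return "ok"
        recent.append(self._clock())
        return "denied"


def guess_success_probability(max_failures=MAX_FAILURES):
    """Chance that blind guessing hits the suffix before lockout."""
    return max_failures / SUFFIX_SPACE
```

A per-requester counter alone does not stop guessing spread across many requesters; a second counter keyed on the device id, using the same structure, covers that case.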

Added: Jun 21, 2025, 11:17 PM
Updated: Jun 21, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.