Yealink MeetingBar A30 Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Yealink MeetingBar A30, specifically in firmware version 133.321.0.3. The vulnerability arises from an unknown processing issue within the Diagnostic Handler component and allows an attacker with physical access to the device to execute arbitrary commands. Exploitation does not require authentication, and a proof-of-concept exploit is publicly available.

Impact

Exploitation of this vulnerability allows for unauthorized command execution on the affected device.

Reproduction

To reproduce this vulnerability, physically access the Yealink MeetingBar A30 device. Navigate to 'Device Setting' and then to 'Diagnostic'. Input '127.0.0.1' to execute a command that returns the device's file listing, demonstrating the command injection.
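As an added example (not code from Yealink or from this advisory), the following shows input handling that closes this class of bug in a diagnostic target field. It assumes the field feeds a ping-style utility, which the page does not confirm; `PING`, `parse_target`, `build_ping_argv` and `run_diagnostic` are hypothetical names.

```python
import ipaddress
import re
import subprocess

# Assumption: the diagnostic runs a ping-style tool against the typed target.
PING = "/system/bin/ping"  # hypothetical path, not taken from the firmware

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed inputs a diagnostic field should refuse (not the public PoC).
CONSTRUCTED_BAD = ("127.0.0.1 && echo x", "127.0.0.1|echo x", "$(echo x)",
                   "-c", "127.0.0.1\n", "fe80::1%x;y", "")


def parse_target(raw: str) -> str:
    """Return a canonical IP address or hostname, or raise ValueError."""
    if not isinstance(raw, str) or not raw or len(raw) > 253:
        raise ValueError("target missing or too long")
    if "%" in raw:
        # ipaddress accepts arbitrary text as an IPv6 scope id; refuse it.
        raise ValueError("scoped addresses are not accepted")
    try:
        return str(ipaddress.ip_address(raw))  # pure address, canonical form
    except ValueError:
        pass
    if all(_LABEL.fullmatch(label) for label in raw.split(".")):
        return raw.lower()
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(raw: str, count: int = 4) -> list[str]:
    """Build an argument vector so that no shell ever parses the target."""
    # parse_target rejects a leading '-', so the target cannot act as a flag.
    return [PING, "-c", str(int(count)), parse_target(raw)]


def run_diagnostic(raw: str) -> str:
    """Run the tool with shell=False and a timeout; return its output."""
    done = subprocess.run(build_ping_argv(raw), shell=False, timeout=15,
                          capture_output=True, text=True, check=False)
    return done.stdout


def is_rejected(raw: str) -> bool:
    try:
        build_ping_argv(raw)
    except ValueError:
        return True
    return False
```

Validation and argument-vector execution are independent controls: either one alone stops shell metacharacters in the target from being interpreted as commands.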

Added: Feb 2, 2026, 1:19 AM
Updated: Feb 2, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.