CVE-2021-27561 - Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Project:Yealink
Product:Device Management
Date Added:2021-11-03Due Date:2021-11-17
Vulnerability Name
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Description
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27561