CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.

CVSS

No CVSS.

Configurations

No configuration.

History

28 Mar 2024, 08:15

Type Values Removed Values Added
Summary
  • (es) Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendor-wide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, compromising the confidentiality of provisioning documents.
Summary
  • Values Removed: (en) Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendor-wide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents.
  • Values Added: (en) An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.
References
  • https://www.reddit.com/r/VOIP/comments/ys9mel/what_are_some_of_the_good_white_label_voip/ (source: cve@mitre.org)
  • https://github.com/gitaware/CVE/tree/main/CVE-2024-24681
  • https://seclists.org/fulldisclosure/2024/Feb/22

23 Feb 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-23 23:15

Updated : 2024-03-28 08:15


NVD link : CVE-2024-24681

Mitre link : CVE-2024-24681

CVE.ORG link : CVE-2024-24681


Products Affected

No product.

CWE

No CWE.