
Jeroen J.A.W. Hermans

#24621 of 53,633
9.8 Total CVSS
Vulnerabilities · 1
PT-2024-20489
9.8
2024-02-21
Yealink · Yealink Configuration Encrypt Tool · CVE-2024-24681
**Name of the Vulnerable Software and Affected Versions**

Yealink Configuration Encrypt Tool versions prior to 1.2

Yealink Configuration Encrypt Tool (RSA version) (affected versions not specified)

**Description**

An issue was discovered in the Yealink Configuration Encrypt Tool where a single hardcoded key is used across customers' installations to encrypt provisioning documents. This hardcoded AES key was leaked, leading to a compromise of confidentiality of provisioning documents.

**Recommendations**

For Yealink Configuration Encrypt Tool versions prior to 1.2, update to version 1.2 or later to resolve the issue.

For Yealink Configuration Encrypt Tool (RSA version), at the moment, there is no information about a newer version that contains a fix for this vulnerability.