PT-2024-11765 · Yealink · Yealink Config Encrypt Tool
Published
2024-02-19
·
Updated
2025-08-26
·
CVE-2022-48625
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Yealink Config Encrypt Tool versions prior to 1.2
Description
The issue concerns a built-in RSA key pair in the Yealink Config Encrypt Tool, which poses a risk of decryption by an adversary.
Recommendations
For versions prior to 1.2, consider updating to version 1.2 or later to mitigate the risk of decryption by an adversary.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yealink Config Encrypt Tool