← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-27561 — Actively Exploited: Device Management (Yealink)

Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

CVE IDCVE-2021-27561
VendorYealink
ProductDevice Management
Vulnerability nameYealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Date added2021-11-03
Remediation due2021-11-17
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionYealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →