CVE disclosures

Confirmed vulnerabilities discovered and responsibly disclosed by CloudAware.

CVE-2025-52916

Yealink RPS lacks rate limiting, enabling enumeration MAC addresses

CVE

https://cloudaware.eu/blog/yealink_why2025/

CVE-2025-52917

Yealink RPS-API lacks rate limiting, enabling enumeration of '2FA'

CVE

https://cloudaware.eu/blog/yealink_why2025/

CVE-2025-52918

Yealink RPS-API authentication bypass for blocked accounts

CVE

https://cloudaware.eu/blog/yealink_why2025/

CVE-2025-52919

Certificate upload function lacks input validation

CVE

https://cloudaware.eu/blog/yealink_why2025/

CVE-2024-24681

Yealink leaked RSA key

CVE

CVE-2024-48939

Paxton license key bypass

CVE

https://cloudaware.eu/blog/paxton_licentie/

CVE-2024-55447

Paxton PII leak and access control

CVE

https://seclists.org/fulldisclosure/2024/Dec/0

CVE-2023-43870

Paxton leaked private key root cert

CVE

https://cloudaware.eu/blog/paxton_tls/

CVE-2022-48625

Yealink leaked AES key

CVE

https://cloudaware.eu/yealink/versleuteling/