CVE advisoryKnown Exploit
CVE-2021-27561
Yealink Device Management Command Injection Vulnerability.
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An unauthenticated command injection vulnerability in Yealink Device Management software allows attackers to execute commands as root. This poses a significant business risk, potentially leading to system compromise. Organizations should identify affected assets and update the software.