An issue exists in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version prior to 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations.
A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents ...
CloudAware Security Advisory
CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool
========================================================================
Summary
========================================================================
A single, vendorwide, hardcoded AES key in the configuration tool used to
encrypt provisionin ...