← Back to home
ICSA-25-219-08  ·  Published 2025-08-07  ·  View on CISA ICS-CERT ↗

Yealink IP Phones and RPS (Redirect and Provisioning Service)

CVSS 5.0 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could result in an information disclosure.

CVEs (4)

Remediations

  • Users of Yealink are encouraged to navigate to Yealink's support portal andupdate to the following versions:
  • SIP-T19P_E2: Version 53.84.0.160 or higher
  • SIP-T21P_E2: Version 52.84.0.160 or higher
  • SIP-T23G: Version 44.84.0.160 or higher
  • SIP-T40G: Version 76.84.0.160 or higher
  • SIP-T40P: Version 54.84.0.160 or higher
  • SIP-T27G: Version 69.86.0.160 or higher
  • SIP-T41S: Version 66.86.0.83 or higher
  • SIP-T42S: Version 66.86.0.83 or higher
  • SIP-T46S: Version 66.86.0.83 or higher
  • SIP- T48S: Version 66.86.0.83 or higher
  • SIP-CP920: Version 78.86.0.15 or higher
  • SIP-T53: Version 96.86.0.75 or higher
  • SIP-T53W: Version 96.86.0.75 or higher
  • SIP-T54W: Version 96.86.0.75 or higher
  • SIP-T57W: Version 96.86.0.75 or higher
  • SIP-T56A: Version 58.86.0.160 or higher
  • SIP-T58: Version 58.86.0.160 or higher
  • W52P: Version 25.81.0.160 or higher
  • W60B: Version 77.85.0.160 or higher
  • CP960: Version 73.86.0.160 or higher
  • SIP-T27P: Version 45.83.0.161 or higher
  • SIP-T29G: Version 46.83.0.160 and prior
  • SIP-T41P: Version 36.83.0.160 and prior
  • SIP-T42G: Version 29.83.0.160 and prior
  • SIP-T46G: Version 28.83.0.160 and prior
  • SIP-T48G: Version 35.83.0.160 and prior
  • RPS (Redirect and Provisioning Service): Yealink has deployed a fix to all cloud service instances
  • The following products are no longer receiving RPS support:
  • SIP-T20P
  • SIP-T22P
  • SIP-T26P
  • SIP-T27P
  • T52S
  • T54S
  • For more information, see the associated Yealink security advisory: Yealink RPS Issue Statement

Affected Vendors

Yealink

Affected Products (33)

Yealink · SIP-T19P_E2 <53.84.0.121
Yealink · SIP-T21P_E2 <52.84.0.121
Yealink · SIP-T23G <44.84.0.121
Yealink · SIP-T40G <76.84.0.121
Yealink · SIP-T40P <54.84.0.121
Yealink · SIP-T27G <69.84.0.121
Yealink · SIP-T41S <66.84.0.121
Yealink · SIP-T42S <66.84.0.121
Yealink · SIP-T46S <66.84.0.121
Yealink · SIP- T48S <66.84.0.121
Yealink · SIP-CP920 <78.84.0.121
Yealink · SIP-T53 <X.84.0.121
Yealink · SIP-T53W <X.84.0.121
Yealink · SIP-T54W <X.84.0.121
Yealink · SIP-T57W <X.84.0.121
Yealink · SIP-T56A <58.84.0.37
Yealink · SIP-T58 <58.84.0.37
Yealink · W52P <25.81.0.67
Yealink · W60B <77.83.0.83
Yealink · CP960 <73.84.0.37
Yealink · SIP-T27P <=45.83.0.160
Yealink · SIP-T29G <=46.83.0.160
Yealink · SIP-T41P <=36.83.0.160
Yealink · SIP-T42G <=29.83.0.160
Yealink · SIP-T46G <=28.83.0.160
Yealink · SIP-T48G <=35.83.0.160
Yealink · SIP-T20P vers:all/*
Yealink · SIP-T22P vers:all/*
Yealink · SIP-T26P vers:all/*
Yealink · SIP-T27P vers:all/*
Yealink · T52S vers:all/*
Yealink · T54S vers:all/*
Yealink · RPS (Redirect and Provisioning Service) <builds_05-26-2025

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more