[Freeswitch-dev] RPS vulnerability, Yealink responds.

Ken Rice krice at freeswitch.org
Fri Nov 1 19:38:48 MSK 2013

Hey Guys,

As you know theres been a big buzz about Remote Provisioning Services and
vulnerabilities that are possible.

We have been in touch with Yealink, and they have released the following

----- Snip -------
Recently we received reports stating there were security vulnerabilities in
Yealink phones¹ RPS feature. We have investigated in these reports and found
out that this problem was already solved in our V71 version of firmware.
Correction and Precaution Solutions for RPS Security Vulnerability Issues
Yealink V71 version firmware could completely guard the Yealink IP Phones
from the security risks.
How to operate:
1)     To upgrade the Yealink IP Phones to V71 firmware;
2)     To encrypt the configuration files with Yealink cfg encryption tool.
The Yealink cfg encryption tool could be downloaded per below link,
Yealink take our customers¹ security very seriously and are constantly
working to improve the security features of our products. Yealink therefore
also highly recommend our customers regularly update firmware to the latest
version to benefit from our new features and facilities.

----- Snip ------

So if you are using Yealink and RPS encrypt those configs and upgrade to
atleast the V71 firmware.

G+ ClueCon :    http://fs0.us/cluecon-gplus
FB ClueCon :    http://fs0.us/cluecon-fb
G+ FreeSwitch : http://fs0.us/freeswitch-gplus
FB FreeSWITCH : http://fs0.us/freeswitch-fb
Twitter : @FreeSWITCH_WIRE
irc.freenode.net #freeswitch

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20131101/d3b60e02/attachment.html 

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-dev mailing list