Description
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-02
Score: 2.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection
Action: Patch
AI Analysis

Impact

The vulnerability arises from an unvalidated diagnostic command handler in Yealink MeetingBar A30 firmware 133.321.0.3, allowing an attacker to inject and execute arbitrary system commands. This flaw is categorized as CWE-74 and CWE-77. If exploited, an attacker who can reach the device physically could run any commands, potentially compromising confidentiality, integrity, or availability of the device.

Affected Systems

The affected platform is the Yealink MeetingBar A30 handheld device running firmware version 133.321.0.3. No other versions or products are listed as vulnerable in the provided information.

Risk and Exploitability

The CVSS score is 2.4, indicating a low severity assessment. The EPSS is less than 1%, suggesting a rare likelihood of exploitation. The advisory notes that the device can be attacked from the field where the device is physically present, and the exploit is publicly available, but the vendor remains unresponsive. No official KEV listing further limits widespread exploitation concerns.

Generated by OpenCVE AI on April 18, 2026 at 00:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest firmware revision that closes the diagnostic command handler flaw, if such an update is available from Yealink.
  • Limit physical access to the MeetingBar A30 by securing the operating environment and restricting entry to authorized personnel.
  • Isolate the device on a dedicated network segment and enforce strict access controls to prevent lateral movement or remote exploitation.

Generated by OpenCVE AI on April 18, 2026 at 00:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 03 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Yealink
Yealink meetingbar A30
Vendors & Products Yealink
Yealink meetingbar A30

Mon, 02 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 01:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title Yealink MeetingBar A30 Diagnostic command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 4.6, 'vector': 'AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 2.4, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Yealink Meetingbar A30
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:12:03.131Z

Reserved: 2026-02-01T07:38:04.135Z

Link: CVE-2026-1735

cve-icon Vulnrichment

Updated: 2026-02-02T17:03:08.216Z

cve-icon NVD

Status : Deferred

Published: 2026-02-02T01:15:51.697

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1735

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T01:00:11Z

Weaknesses