Yealink vulnerability – closed
13. February 2020 VARIA

RPS update for Yealink VoIP phones

When is the update planned?
This RPS update is scheduled for February 12, 2020 at 3:00 p.m. to 4:00 p.m. (UTC + 8). All RPS services will continue to run during the update.

What does the update include?
To improve the overall quality and security of the RPS service offering, Yealink has updated the RPS service policy as follows:
1. The Yealink RPS service is primarily designed for brand new phones. Customers are strongly advised to only use it for the initial setup process. The user-friendliness of the RPS service remains unchanged during the initial setup.
2. Existing phones that were once provisioned via RPS will now require additional two-factor device authentication and will be implemented when those phones request RPS service again. If authentication fails, the phones will not be able to access the RPS service.

What can happen to customers?
When you do a factory reset to reconfigure an existing phone using the RPS service, you may see a prompt on the phone screen to enter the last 5 digits of your device’s serial number. Follow the instructions for entering the digits to complete authentication. Otherwise the device cannot connect to RPS.

What can we do to help customers?
We currently offer two options to support customers:
Option # 1: Users can enter the last 5 digits of the phone’s serial number when prompted to complete two-factor authentication after resetting the phone to factory settings.
Option # 2: If customers cannot find or enter the SN themselves, they can unlock the device via the RPS Admin Portal.

If you have any questions or need any assistance, please don’t hesitate to contact us.

We would be happy to call you back if you have any further questions.
[contact-form-7 id=”3390″ title=”Security Gap with Yealink Post 7565″]