
Hackers are using advanced techniques to exploit IP-based security. Upgrade to P-Series V23.3 GA immediately!
Risk Summary
We are issuing this urgent security alert because hackers have refined their attack vectors to circumvent conventional security validations. Attackers are using automated tools to scan Public IPs and specific ports to locate PBX systems, and then gaining unauthorized login access to the PBX Management Portal. With that access they can place unauthorized outbound calls, directly resulting in fraudulent calling with substantial financial loss and potential disruption of normal communication services.
Risk Level: Critical
Affected Systems
The following deployments and systems are currently at higher risk of attack:
- Affected Products: P-Series Software Edition (PSE); P-Series Appliance Edition (PAE); P-Series Cloud Edition (PCE)
  *Note: S-Series VoIP PBXs are not affected by this risk; no additional action is required.
- Systems at Higher Risk:
  - PSE instances installed on public cloud platforms configured with a direct Public IP address.
  - Deployments on public cloud platforms lacking strict firewall rules.
  - PBX Systems where the PBX Management Portal utilizes extension numbers as usernames.
Action Requirement: Upgrade to V23.3 GA Urgently
Yeastar urges you to upgrade to the P-Series V23.3 GA (XX.22.0.139) as soon as possible. This version includes critical security hardening engineered to defend against these attack vectors.
- Single PBX Upgrade
  - Option 1 (Online Upgrade): Log in to your PBX Management Portal, navigate to Maintenance > Upgrade, select the XX.22.0.139 GA version, and click Upgrade Now.
  - Option 2 (Offline Upgrade): Download the P-Series V23.3 GA firmware directly from here, and go to your PBX to upgrade.
- Batch PBX Upgrade
  - For PCE: Use the Task module within Yeastar Central Management (YCM) to schedule and execute automated batch upgrades for your PCE instances.
  - For PAE/PSE: Utilize the Yeastar Remote Management Premium (RMP) service linked to your YCM to perform batch upgrades.
*Support Note: If you need the RMP service for the batch upgrade but currently do not have access to it, please contact us for tailored support.
Security Practice Suggestions
To further fortify your PBX against evolving threats, we strongly recommend implementing robust security practices beyond firmware updates. Key measures include securing network access (avoiding port forwarding and blocking unauthorized IPs), hardening authentication (enforcing strong credentials and granular access control for extension logins), restricting outbound calls to prevent fraudulent activity, and more. Please refer to the security practices guide.
Technical Support
If you encounter any issues during the upgrade process or require assistance with security troubleshooting, please feel free to contact the Yeastar Technical Support team.