Sip T21 P E2 Firmware
Monthly
Directory traversal in Yealink SIP-T21P(E2) IP phone firmware 52.84.0.15 exposes arbitrary files to low-privileged remote attackers via a crafted request to the diagnostic component's result read function. The flaw is confined to confidentiality impact - attackers can exfiltrate sensitive files (credentials, configuration, logs) stored on the device but cannot modify or crash it. A publicly available proof-of-concept exists, though EPSS at 0.62% indicates limited observed exploitation activity and the device is not listed in the CISA KEV catalog.
Authenticated command injection in the Yealink SIP-T21P_E2 IP phone (firmware 52.84.0.15) lets a remote user with normal, non-administrative privileges execute arbitrary operating-system commands by sending a crafted request to the ping utility of the diagnostic component. Because the CVSS vector reports PR:L, exploitation requires only a low-privileged authenticated session, and publicly available exploit code exists, though the EPSS probability remains modest at 0.60% (44th percentile) and the flaw is not listed in CISA KEV. Successful exploitation yields full high-impact compromise of confidentiality, integrity, and availability on the device.
Directory traversal in Yealink SIP-T21P(E2) IP phone firmware 52.84.0.15 exposes arbitrary files to low-privileged remote attackers via a crafted request to the diagnostic component's result read function. The flaw is confined to confidentiality impact - attackers can exfiltrate sensitive files (credentials, configuration, logs) stored on the device but cannot modify or crash it. A publicly available proof-of-concept exists, though EPSS at 0.62% indicates limited observed exploitation activity and the device is not listed in the CISA KEV catalog.
Authenticated command injection in the Yealink SIP-T21P_E2 IP phone (firmware 52.84.0.15) lets a remote user with normal, non-administrative privileges execute arbitrary operating-system commands by sending a crafted request to the ping utility of the diagnostic component. Because the CVSS vector reports PR:L, exploitation requires only a low-privileged authenticated session, and publicly available exploit code exists, though the EPSS probability remains modest at 0.60% (44th percentile) and the flaw is not listed in CISA KEV. Successful exploitation yields full high-impact compromise of confidentiality, integrity, and availability on the device.