Skip to main content

Sip T21 P E2 Firmware

2 CVEs product

Monthly

CVE-2025-66737 MEDIUM POC This Month

Directory traversal in Yealink SIP-T21P(E2) IP phone firmware 52.84.0.15 exposes arbitrary files to low-privileged remote attackers via a crafted request to the diagnostic component's result read function. The flaw is confined to confidentiality impact - attackers can exfiltrate sensitive files (credentials, configuration, logs) stored on the device but cannot modify or crash it. A publicly available proof-of-concept exists, though EPSS at 0.62% indicates limited observed exploitation activity and the device is not listed in the CISA KEV catalog.

Path Traversal Sip T21 P E2 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2025-66738 HIGH POC This Week

Authenticated command injection in the Yealink SIP-T21P_E2 IP phone (firmware 52.84.0.15) lets a remote user with normal, non-administrative privileges execute arbitrary operating-system commands by sending a crafted request to the ping utility of the diagnostic component. Because the CVSS vector reports PR:L, exploitation requires only a low-privileged authenticated session, and publicly available exploit code exists, though the EPSS probability remains modest at 0.60% (44th percentile) and the flaw is not listed in CISA KEV. Successful exploitation yields full high-impact compromise of confidentiality, integrity, and availability on the device.

Command Injection RCE Sip T21 P E2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Directory traversal in Yealink SIP-T21P(E2) IP phone firmware 52.84.0.15 exposes arbitrary files to low-privileged remote attackers via a crafted request to the diagnostic component's result read function. The flaw is confined to confidentiality impact - attackers can exfiltrate sensitive files (credentials, configuration, logs) stored on the device but cannot modify or crash it. A publicly available proof-of-concept exists, though EPSS at 0.62% indicates limited observed exploitation activity and the device is not listed in the CISA KEV catalog.

Path Traversal Sip T21 P E2 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Authenticated command injection in the Yealink SIP-T21P_E2 IP phone (firmware 52.84.0.15) lets a remote user with normal, non-administrative privileges execute arbitrary operating-system commands by sending a crafted request to the ping utility of the diagnostic component. Because the CVSS vector reports PR:L, exploitation requires only a low-privileged authenticated session, and publicly available exploit code exists, though the EPSS probability remains modest at 0.60% (44th percentile) and the flaw is not listed in CISA KEV. Successful exploitation yields full high-impact compromise of confidentiality, integrity, and availability on the device.

Command Injection RCE Sip T21 P E2 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy