Lucene search
+L

13 matches found

RedhatCVE
RedhatCVE
added 2025/12/27 12:5 a.m.15 views

CVE-2025-66737

Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component...

4.3CVSS6.8AI score0.00608EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/27 12:5 a.m.6 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

8.8CVSS7.8AI score0.00582EPSS
Exploits1References1
NVD
NVD
added 2025/12/26 4:15 p.m.5 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

8.8CVSS0.00582EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.4 views

Yealink T21P_E2 安全漏洞

Yealink T21PE2 is an IP Phone from China Yealink. A security vulnerability exists in Yealink T21PE2 Phone version 52.84.0.15, which stems from a path traversal issue in the Diagnostics Component Read function, which could allow a remote attacker to read arbitrary files...

4.3CVSS6.7AI score0.00608EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.2 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

7.5AI score0.00582EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/26 12:0 a.m.30 views

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

0.00582EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.7 views

PT-2025-53601

Name of the Vulnerable Software and Affected Versions Yealink T21P E2 Phone version 52.84.0.15 Description A flaw exists in the Yealink T21P E2 Phone that could allow a remote attacker with normal privileges to execute arbitrary code. This is possible through a crafted request targeting the ping...

9CVSS7AI score0.00582EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.9 views

PT-2025-53600

Name of the Vulnerable Software and Affected Versions Yealink T21P E2 Phone version 52.84.0.15 Description The Yealink T21P E2 Phone version 52.84.0.15 contains a directory traversal flaw. A remote attacker with normal privileges can read arbitrary files through a crafted request to the diagnosti...

4.3CVSS6.6AI score0.00608EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/12/09 8:26 p.m.6 views

CVE-2025-14228

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS5.6AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/08 10:32 a.m.43 views

CVE-2025-14228 Yealink SIP-T21P E2 Local Directory cross site scripting

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS0.00198EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/08 10:32 a.m.6 views

EUVD-2025-201706

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

5.1CVSS5.1AI score0.00198EPSS
Exploits0References5
CVE
CVE
added 2025/12/08 10:32 a.m.20 views

CVE-2025-14228

CVE-2025-14228 affects Yealink SIP-T21P E2 (firmware 52.84.0.15). The issue is a cross-site scripting vulnerability in an unknown function of the Local Directory Page, allowing remote initiation of an attack. Public exploit code exists and has been reported through multiple feeds, with vendor con...

5.1CVSS5.2AI score0.00198EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.4 views

Yealink SIP-T21P E2 代码注入漏洞

Yealink SIP-T21P E2 is an enterprise IP phone from China Yealink. A code injection vulnerability exists in Yealink SIP-T21P E2 version 52.84.0.15, which originates from a cross-site scripting vulnerability in the local catalog page component...

5.1CVSS4.8AI score0.00198EPSS
Exploits0References5
Rows per page
Query Builder