Unrated severityCISA KEVNVD Advisory· Published Oct 15, 2021· Updated Oct 21, 2025
CVE-2021-27561
CVE-2021-27561
Description
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Yealink/Device Managementdescription
- Range: =3.6.0.20
Patches
Vulnerability mechanics
References
1- ssd-disclosure.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.