Unrated severityCISA KEVNVD Advisory· Published Oct 15, 2021· Updated Oct 21, 2025
CVE-2021-27561
CVE-2021-27561
Description
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
Affected products
1- Yealink/Device Managementdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- ssd-disclosure.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.