IP Phone Sip T21p
by Yealink
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1417 | 0.03 | — | 0.02 | Sep 17, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. | |||
| CVE-2025-66738 | 0.00 | — | 0.01 | Dec 26, 2025 | An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. |
- CVE-2012-1417Sep 17, 2014risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
- CVE-2025-66738Dec 26, 2025risk 0.00cvss —epss 0.01
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.