VYPR

IP Phone Sip T21p

by Yealink

CVEs (2)

  • CVE-2012-1417Sep 17, 2014
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

  • CVE-2025-66738Dec 26, 2025
    risk 0.00cvss epss 0.01

    An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.