CNNVD-202512-4809 Information

CNNVD ID

CNNVD-202512-4809

Related CVE

CVE-2025-66737

• CNNVD Published: 2025-12-26

Description (Chinese)

Yealink T21P_E2是中国亿联（Yealink）公司的一款IP电话机。 Yealink T21P_E2 Phone 52.84.0.15版本存在安全漏洞，该漏洞源于诊断组件读取功能存在路径遍历问题，可能导致远程攻击者读取任意文件。

Description (English)

Yealink T21P E2 is an IP phone for Yealink. Yealink T21P E2 Phone 52.84.0.15 has a security loophole, which stems from the routing problem of the reading function of the diagnostic component, which may lead the remote attacker to read any document.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

亿联

Published

2025-12-26

Last Modified

2026-02-24

References

http://yealink.com https://drive.google.com/file/d/1MpxnCL4koKupqWWDmY3ljlybjIPD8ieD/view?usp=sharing https://access.redhat.com/security/cve/cve-2025-66737