CNNVD-202512-972 Information

CNNVD ID

CNNVD-202512-972

Related CVE

CVE-2025-14228

• CNNVD Published: 2025-12-08

Description (Chinese)

Yealink SIP-T21P E2是中国亿联（Yealink）公司的一款企业IP电话。 Yealink SIP-T21P E2 52.84.0.15版本存在代码注入漏洞，该漏洞源于本地目录页面组件存在跨站脚本漏洞。

Description (English)

Yealink SIP-T21P E2 is an IP phone for a company called Yealink. Yealink SIP-T21P E2 52.84.0.15 has a code-injection loophole, which stems from a cross-site script gap in the local directory page component.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

亿联

Published

2025-12-08

Last Modified

2026-02-24

References

https://vuldb.com/?id.334670 https://drive.google.com/file/d/1vptRtEeoS1AZgnqow1yPrsgsBkw4jXc2/view?usp=sharing https://vuldb.com/?ctiid.334670 https://vuldb.com/?submit.701949 https://access.redhat.com/security/cve/cve-2025-14228