CVE-2025-66737

Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.

medium 4.3 CVSS 3.1

Published: Dec 26, 2025

Modified: Jan 9, 2026

Vendor: Yealink

Versions: 52.84.0.15

Description

Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.

References

http://yealink.com
https://drive.google.com/file/d/1MpxnCL4koKupqWWDmY3ljlybjIPD8ieD/view?usp=sharing

Related CVEs

CVSS Breakdown

Version	3.1
Score	4.3 / 10
Severity	medium

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness (CWE)

CWE-23

Affected Product

Vendor	Yealink
Product	Sip-T21\(P\)E2 Firmware
Versions	52.84.0.15