Sip-t21\(p\)e2 CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66738	1 Yealink	4 Ip Phone Sip-t21p, Sip-t21\(p\)e2, Sip-t21\(p\)e2 Firmware and 1 more	2026-01-09	8.8 High
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.
CVE-2025-66737	1 Yealink	4 Ip Phone Sip-t21p, Sip-t21\(p\)e2, Sip-t21\(p\)e2 Firmware and 1 more	2026-01-09	4.3 Medium
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.

Page 1 of 1.