CVE-2025-66737
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk45th percentile - higher than 45% of all known CVEs
Summary
Yealink T21P_E2 Phone version 52.84.0.15 is vulnerable to directory traversal. A remote attacker with normal privileges can read arbitrary files via a crafted request to the diagnostic component's result read function.
Risk Assessment
An attacker could access sensitive system files such as configurations or credentials, potentially leading to privilege escalation or data leakage.
Recommendation
Immediately update the phone firmware to the latest version available from the vendor and restrict access to the diagnostic interface to trusted networks only.
Original NVD description (English source)
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.

