CVE-2025-66738
HIGH
8.8
Our Analysis: Embedded
Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.
Published Date
December 26, 2025
Last Modified
January 9, 2026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.