Lucene search
K

20 matches found

NVD
NVD
added 2026/06/15 6:16 a.m.11 views

CVE-2026-12220

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.14 views

CVE-2026-12221

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6CVSS0.00371EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 5:30 a.m.7 views

CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS5.7AI score0.01194EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 5:30 a.m.38 views

CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 5:15 a.m.22 views

CVE-2026-12222

CVE-2026-12222 affects Yealink SIP-T46U (firmware 108.86.0.118) via the Web FastCGI Service: function mod_webd.BlueToothTest in /api/inner/bttest, where manipulating btMac/pin/reserved can trigger a stack-based overflow. Exploitation reportedly public and feasible within a local network; vendor d...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 5:15 a.m.11 views

EUVD-2026-36695

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 5:0 a.m.10 views

CVE-2026-12221 Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 5:0 a.m.20 views

CVE-2026-12221

Yealink SIP-T46U (version 108.86.0.118) is affected by a stack-based buffer overflow in the Firmware Chunk Upload Handler, caused by a faulty sprintf in /api/upgrade/upgrade when manipulating uid/start_offset. Exploitation requires local-network access; the exploit is publicly available. No remed...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 4:45 a.m.6 views

CVE-2026-12220 Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload stack-based overflow

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:45 a.m.10 views

EUVD-2026-36693

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS8.2AI score0.00371EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 4:30 a.m.39 views

CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/15 4:30 a.m.2 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/15 4:30 a.m.18 views

CVE-2026-12219

CVE-2026-12219 concerns Yealink SIP-T46U (108.86.0.118) involving the Web FastCGI Service. The vulnerable element is the function mod_diagnose.CommandShellByType in /api/diagnosis/start, where manipulating the Time argument leads to command injection. The flaw enables a remote attacker to execute...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:30 a.m.13 views

EUVD-2026-36692

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.4AI score0.0105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 4:15 a.m.8 views

CVE-2026-12218 Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 4:15 a.m.29 views

CVE-2026-12218

The CVE-2026-12218 entry concerns Yealink SIP-T46U (firmware version 108.87.50.1) with a vulnerability in Web FastCGI Service, affecting the function StartReportInformation in /api/inner/beforewifitest. The issue is triggered by manipulating the port argument, causing a stack-based buffer overflo...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:15 a.m.11 views

EUVD-2026-36691

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49182

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the mod webd.TFTPUploadIperf function within the '/api/inner/tftpuploadiperf' endpoint. This occurs when the ip/port argument is...

5.5CVSS6AI score0.01194EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49181

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description A stack-based buffer overflow exists in the Firmware Chunk Upload handler. This occurs when the uid argument is manipulated within the mod upgrade.SparePartsUpload function of the...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.17 views

PT-2026-49138

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description A stack-based buffer overflow exists in the Web FastCGI Service component within the mod webd.BlueToothTest function of the /api/inner/bttest endpoint. This issue occurs when manipulating the...

8.6CVSS8.1AI score0.00371EPSS
Exploits0References10
Rows per page
Query Builder