6 matches found
CVE-2026-12223
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...
CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...
CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...
CVE-2026-12223
The CVE affects Yealink SIP-T46U with firmware 108.86.0.118, specifically the Web FastCGI Service component. The vulnerability lies in the mod_webd.TFTPUploadIperf function within /api/inner/tftpuploadiperf, where manipulating the ip/port argument leads to command injection. Exploitation is descr...
EUVD-2026-36696
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...
PT-2026-49182
Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the mod webd.TFTPUploadIperf function within the '/api/inner/tftpuploadiperf' endpoint. This occurs when the ip/port argument is...