Lucene search
K

16 matches found

NVD
NVD
added 2026/06/15 6:16 a.m.11 views

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.11 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.13 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.13 views

CVE-2026-12218

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS0.00371EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 5:30 a.m.7 views

CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS5.7AI score0.01194EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 5:30 a.m.27 views

CVE-2026-12223

The CVE affects Yealink SIP-T46U with firmware 108.86.0.118, specifically the Web FastCGI Service component. The vulnerability lies in the mod_webd.TFTPUploadIperf function within /api/inner/tftpuploadiperf, where manipulating the ip/port argument leads to command injection. Exploitation is descr...

5.5CVSS5.7AI score0.01194EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/15 5:15 a.m.2 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/15 5:15 a.m.21 views

CVE-2026-12222

CVE-2026-12222 affects Yealink SIP-T46U (firmware 108.86.0.118) via the Web FastCGI Service: function mod_webd.BlueToothTest in /api/inner/bttest, where manipulating btMac/pin/reserved can trigger a stack-based overflow. Exploitation reportedly public and feasible within a local network; vendor d...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 4:30 a.m.39 views

CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 4:30 a.m.6 views

CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/15 4:30 a.m.2 views

CVE-2026-12219

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/15 4:30 a.m.17 views

CVE-2026-12219

CVE-2026-12219 concerns Yealink SIP-T46U (108.86.0.118) involving the Web FastCGI Service. The vulnerable element is the function mod_diagnose.CommandShellByType in /api/diagnosis/start, where manipulating the Time argument leads to command injection. The flaw enables a remote attacker to execute...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 4:15 a.m.8 views

CVE-2026-12218 Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 4:15 a.m.10 views

EUVD-2026-36691

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49182

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the mod webd.TFTPUploadIperf function within the '/api/inner/tftpuploadiperf' endpoint. This occurs when the ip/port argument is...

5.5CVSS6AI score0.01194EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49180

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the '/api/diagnosis/start' endpoint. The issue occurs within the mod diagnose.CommandShellByType function when the Time argument is...

6.5CVSS6.9AI score0.0105EPSS
Exploits0References9
Rows per page
Query Builder