6 matches found
CVE-2026-12223
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...
CVE-2026-12220
A vulnerability exists in Yealink SIP-T46U firmware 108.86.0.118 affecting the mod_upgrade.SparePartsUpload handler in /api/upgrade/accupgradebychunk. Manipulating the uid argument can cause a stack-based buffer overflow. Exploitation is described as local-network only, with public disclosure and...
VulnCheck KEV: CVE-2025-34023
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...
CVE-2020-12860
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...
CVE-2020-12860
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...
Yealink Yeahlink Ultra-elegant IP Phone SIP-T41P Command Injection Vulnerability
Yealink Yeahlink Ultra-elegant IP Phone SIP-T41P is an IP phone from China Yealink. A command injection vulnerability exists in the network diagnostic feature of the Yealink Yeahlink Ultra-elegant IP Phone SIP-T41P using firmware version 66.83.0.35. The vulnerability arises from a network system ...