Lucene search
K

6 matches found

NVD
NVD
added 2026/06/15 6:16 a.m.11 views

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 4:45 a.m.14 views

CVE-2026-12220

A vulnerability exists in Yealink SIP-T46U firmware 108.86.0.118 affecting the mod_upgrade.SparePartsUpload handler in /api/upgrade/accupgradebychunk. Manipulating the uid argument can cause a stack-based buffer overflow. Exploitation is described as local-network only, with public disclosure and...

8.6CVSS7.5AI score0.00371EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34023

A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...

8.5CVSS6AI score0.01409EPSS
Exploits0References1
OSV
OSV
added 2020/05/18 5:15 a.m.3 views

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

5.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2020/05/18 4:20 a.m.20 views

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

5.3AI score0.01016EPSS
Exploits0References2
CNVD
CNVD
added 2019/05/29 12:0 a.m.3 views

Yealink Yeahlink Ultra-elegant IP Phone SIP-T41P Command Injection Vulnerability

Yealink Yeahlink Ultra-elegant IP Phone SIP-T41P is an IP phone from China Yealink. A command injection vulnerability exists in the network diagnostic feature of the Yealink Yeahlink Ultra-elegant IP Phone SIP-T41P using firmware version 66.83.0.35. The vulnerability arises from a network system ...

9CVSS7.8AI score0.03255EPSS
Exploits0References1
Rows per page
Query Builder