Impact
A stack-based buffer overflow has been identified in the Web FastCGI Service of the Yealink SIP‑T46U 108.87.50.1 when an attacker manipulates the port argument of the StartReportInformation function. The vulnerability allows overwriting the return address on the stack, potentially leading to arbitrary code execution on the device. The flaw is currently publicly exploitable, as exploit code is available.
Affected Systems
Yealink SIP‑T46U 108.87.50.1 is affected. The vulnerable component is the Web FastCGI Service accessed through the /api/inner/beforewifittest endpoint. Only the specific model and firmware version mentioned in the report are confirmed to be impacted known to be vulnerable.
Risk and Exploitability
The CVSS score of 8.6 classifies this flaw as high severity. The EPSS score indicates a very low exploitation probability (< 1%), yet the availability of public exploit code raises the practical risk for organizations with exposed local network access. The issue is not listed in CISA’s KEV catalog. Attack requires local network connectivity and can be triggered by sending a crafted request to the vulnerable endpoint. Until an official patch is released, mitigating by restricting local network access to the endpoint or isolating the device is the most effective approach.
OpenCVE Enrichment