Description
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-15
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow caused by improper validation of the port argument in the StartReportInformation function of Yealink’s Web FastCGI Service. The overflow can enable an attacker to overwrite the return address and potentially execute arbitrary code, leading to remote code execution on the device. Because the flaw exists in a component exposed to the local network, the attacker needs local network access. The public availability of exploit code indicates the risk to a device on an unsecured local network is immediate.

Affected Systems

Yealink SIP-T46U 108.87.50.1 is affected. The specific component is the Web FastCGI Service, accessed via the /api/inner/beforewifitest endpoint.

Risk and Exploitability

The CVSS score of 8.6 classifies this vulnerability as high severity. EPSS is not available, so no current exploitation probability figure can be cited, but the public availability of exploit code indicates that exploitation is feasible. The vulnerability is not listed in KEV. The attack requires local network access to the SIP device; with that access, the attacker can trigger the overflow by sending a crafted request to /api/inner/beforewifitest. Because there is no vendor patch or known workaround, organizations must rely on network controls to mitigate or monitor for exploitation attempts.

Generated by OpenCVE AI on June 15, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any firmware update or patch from Yealink that addresses the stack-based overflow in the StartReportInformation function of the Web FastCGI Service.
  • Restrict local network access to the /api/inner/beforewifitest endpoint or the Web FastCGI Service port using firewall rules or ACLs.
  • Isolate the SIP-T46U on a separate VLAN or subnet, limiting its communication to trusted systems and reducing the attack surface.
  • Deploy continuous monitoring of device logs and network traffic for signs of exploit attempts, and investigate any anomalies promptly.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 06:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow
First Time appeared | | Yealink; Yealink sip-t46u
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*
Vendors & Products | | Yealink; Yealink sip-t46u
References | |
Metrics | | cvssV2_0 {'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0 {'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1 {'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-15T04:15:10.808Z

Reserved: 2026-06-14T13:54:11.247Z

Link: CVE-2026-12218

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-15T06:16:22.673

Modified: 2026-06-15T06:16:22.673

Link: CVE-2026-12218

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T09:30:02Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow