Description
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.
Published: 2026-06-15
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow has been identified in the Web FastCGI Service of the Yealink SIP‑T46U 108.87.50.1 when an attacker manipulates the port argument of the StartReportInformation function. The vulnerability allows overwriting the return address on the stack, potentially leading to arbitrary code execution on the device. The flaw is currently publicly exploitable, as exploit code is available.

Affected Systems

Yealink SIP‑T46U 108.87.50.1 is affected. The vulnerable component is the Web FastCGI Service accessed through the /api/inner/beforewifittest endpoint. Only the specific model and firmware version mentioned in the report are confirmed to be impacted known to be vulnerable.

Risk and Exploitability

The CVSS score of 8.6 classifies this flaw as high severity. The EPSS score indicates a very low exploitation probability (< 1%), yet the availability of public exploit code raises the practical risk for organizations with exposed local network access. The issue is not listed in CISA’s KEV catalog. Attack requires local network connectivity and can be triggered by sending a crafted request to the vulnerable endpoint. Until an official patch is released, mitigating by restricting local network access to the endpoint or isolating the device is the most effective approach.

Generated by OpenCVE AI on June 27, 2026 at 07:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update or patch from Yealink that mitigates the stack-based overflow in the StartReportInformation function of the Web FastCGi Service.
  • Use firewall rules or ACLs to block or limit traffic to the /api/inner/beforewifittest endpoint from untrusted local IP ranges.
  • Place the SIP‑T46U on an isolated VLAN or network segment that is only reachable by trusted systems.
  • Continuously monitor device logs and network traffic for signs of exploitation attempts against the /api/inner/beforewifittest endpoint, and investigate any anomalies promptly.

Generated by OpenCVE AI on June 27, 2026 at 07:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.
Metrics cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C'}


Mon, 15 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow
First Time appeared Yealink
Yealink sip-t46u
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*
Vendors & Products Yealink
Yealink sip-t46u
References
Metrics cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Yealink Sip-t46u
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-27T05:44:47.996Z

Reserved: 2026-06-14T13:54:11.247Z

Link: CVE-2026-12218

cve-icon Vulnrichment

Updated: 2026-06-15T10:33:03.336Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T06:16:22.673

Modified: 2026-06-15T20:42:32.707

Link: CVE-2026-12218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T08:00:13Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow