Description
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.
Published: 2026-06-15
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability was detected in Yealink SIP‑T46U firmware 108.86.0.118, targeting the mod_upgrade.SparePartsUpload routine within the /api/upgrade/accupgradebychunk endpoint of the Firmware Chunk Upload handler. By manipulating the uid argument, an attacker can trigger a stack‑based buffer overflow, which corrupts the stack and allows arbitrary code execution or privilege escalation on the device. This exploit requires local network access, has been publicly disclosed, and Yealink is developing a patch.

Affected Systems

The vulnerability affects Yealink SIP‑T46U units running firmware version 108.86.0.118. No other versions or related Yealink products are listed as impacted in the current data.

Risk and Exploitability

The CVSS a high severity; the attack requires local network access and relies on the target device processing a crafted request to the vulnerable endpoint. The EPSS score is < 1% (0.00371), and the flaw is not listed in CISA KEV. Because the exploit is publicly disclosed, an attacker with local network presence could initiate the overflow, resulting in potentially full device compromise.

Generated by OpenCVE AI on June 27, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update provided by Yealink for the SIP‑T46U to patch the buffer overflow
  • If an immediate firmware upgrade is not feasible, disable or restrict the /api/upgrade/accupgradebychunk endpoint using the device’s firewall or access control settings
  • Monitor local network traffic for unexpected firmware upgrade requests and block any suspicious activity

Generated by OpenCVE AI on June 27, 2026 at 07:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.
Metrics cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:C'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C'}


Mon, 15 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload stack-based overflow
First Time appeared Yealink
Yealink sip-t46u
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*
Vendors & Products Yealink
Yealink sip-t46u
References
Metrics cvssV2_0

{'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Yealink Sip-t46u
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-27T05:45:11.834Z

Reserved: 2026-06-14T13:54:16.276Z

Link: CVE-2026-12220

cve-icon Vulnrichment

Updated: 2026-06-15T15:52:54.236Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T06:16:24.113

Modified: 2026-06-15T20:42:32.707

Link: CVE-2026-12220

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T08:00:13Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow