Impact
A vulnerability affecting Yealink SIP‑T46U 108.86.0.118 involves the sprintf function in the /api/upgrade/upgrade component of the Firmware Chunk Upload Handler. Manipulating the uid and start_offset parameters can cause a stack‑based buffer overflow (CWE‑119 and CWE‑121), potentially enabling local attackers on the same network to execute arbitrary code. An exploit is publicly available, and Yealink is working on a patch.
Affected Systems
Yealink SIP‑T46U devices running firmware version 108.86.0.118 are affected; no other versions are listed by the CNA.
Risk and Exploitability
The CVSS score of 8.6 reflects a high severity. The EPSS score is < 1%, indicating a very low probability of exploitation, and the vulnerability is not in the CISA KEV list, yet an exploit is publicly available. Attackers must be within the local network to reach the vulnerable /api/upgrade/upgrade endpoint, but once accessed, the vulnerability can be triggered with crafted input.
OpenCVE Enrichment