Description
A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-15
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the mod_webd.BlueToothTest function of the Web FastCGI Service on Yealink SIP‑T46U firmware 108.86.0.118. The overflow can corrupt stack data when processing the btMac, pin, or reserved arguments, potentially allowing an attacker to execute arbitrary code on the device. The vulnerability maps to CWE‑119 and CWE‑121 and could result in a full compromise of the device’s operating system if successfully exploited.

Affected Systems

Yealink SIP‑T46U models running firmware version 108.86.0.118 are affected. No other products or versions were identified as vulnerable in the available data.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. The exploit is publicly disclosed and requires local network access, making it feasible for attackers with physical or private network proximity. EPSS data is not available and the CVE is not listed in KEV, but the presence of a public exploit suggests that the likelihood of exploitation is significant in environments where the device is reachable over the local network.

Generated by OpenCVE AI on June 15, 2026 at 07:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a firmware update from Yealink that addresses the Web FastCGI Service buffer overflow once one is available.
  • If a patch is not yet available, block or disable the /api/inner/bttest endpoint or the entire Web FastCGI Service on affected devices.
  • Segment the device on a separate local network or restrict local network access to management interfaces to remove the ability to send crafted requests.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 06:00:00 +0000

Values added (no values removed):

  • Description: A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow
  • First Time appeared: Yealink; Yealink sip-t46u
  • Weaknesses: CWE-119, CWE-121
  • CPEs: cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*
  • Vendors & Products: Yealink; Yealink sip-t46u
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.7, 'vector': 'AV:A/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-15T05:15:09.045Z

Reserved: 2026-06-14T13:54:21.407Z

Link: CVE-2026-12222

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-15T06:16:24.413

Modified: 2026-06-15T06:16:24.413

Link: CVE-2026-12222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T07:30:31Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow