CVE-2026-12220
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
A stack-based buffer overflow vulnerability has been found in Yealink SIP-T46U firmware version 108.86.0.118. The issue affects the mod_upgrade.SparePartsUpload function in the /api/upgrade/accupgradebychunk file, where manipulation of the uid argument can cause a buffer overflow. The attack requires local network access and exploit details have been publicly disclosed.
Risk Assessment
The risk involves potential remote code execution or device destabilization by an attacker on the local network, which could lead to device takeover and potential breach of call confidentiality.
Recommendation
It is recommended to immediately restrict access to the device management interface to trusted networks only and monitor for vendor updates. Apply the patch as soon as it is released.
Original NVD description (English source)
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.

