CVE Catalog

CVE-2026-12221

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A stack-based buffer overflow vulnerability was found in Yealink SIP-T46U firmware version 108.86.0.118. The issue occurs in the sprintf function within the /api/upgrade/upgrade file when processing uid and start_offset arguments in the Firmware Chunk Upload Handler component. The attack requires local network access and the exploit has been made public.

Risk Assessment

Successful exploitation could lead to arbitrary code execution or device crash, potentially disrupting VoIP communications in the organization and exposing the network to further compromise.

Recommendation

Immediately restrict access to the device management interface to trusted networks only and apply temporary firewall rules blocking unauthorized requests to the /api/upgrade/upgrade endpoint. Once the vendor releases a patch, update the firmware promptly.

Original NVD description (English source)

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS