CVE-2026-12218 - CERT CVE
ID CVE-2026-12218
Sažetak A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.
Reference
CVSS
Base: 7.7
Impact: 10.0
Exploitability:5.1
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:A/AC:L/Au:S/C:C/I:C/A:C
Zadnje važnije ažuriranje 27-06-2026 - 06:16
Objavljeno 15-06-2026 - 06:16