A critical stack-based buffer overflow vulnerability in Yealink SIP-T46U firmware handling could allow attackers on the local network to compromise the device.

This is a stack-based buffer overflow in the mod_upgrade.SparePartsUpload function within the /api/upgrade/accupgradebychunk component. An attacker with local network access can trigger this by sending malicious data to the Firmware Chunk Upload handler.

With a CVSS score of 8.0, this vulnerability presents a high risk of unauthorized device control. Exploitation could allow an attacker to gain persistent access to telecommunications hardware, facilitating eavesdropping or further network lateral movement.

Immediate Action: Apply the latest firmware security updates provided by Yealink. If no update is available, isolate the device management interface from the general network.

Proactive Monitoring: Monitor network traffic for anomalous firmware upload attempts or unexpected API calls to the /api/upgrade/ endpoint.

Compensating Controls: Restrict access to the device's web management interface to trusted administrative IP addresses using network segmentation or ACLs.

Public Exploit Available: true

Given the availability of a public exploit and the potential for full device compromise, users must restrict access to the affected SIP phone's management interface immediately. Apply any available firmware patches from the manufacturer as soon as they are released.