CVE-2026-12221

Yealink · SIP-T46U

A stack-based buffer overflow in the Yealink SIP-T46U firmware upgrade handler allows local network attackers to disrupt service or execute arbitrary code.

Executive summary

A stack-based buffer overflow in the Yealink SIP-T46U upgrade handler exposes the device to potential compromise by attackers with local network access.

Vulnerability

The flaw is a stack-based buffer overflow reached through the sprintf function in the /api/upgrade/upgrade file. It can be triggered by manipulating the uid/start_offset arguments within the Firmware Chunk Upload Handler.
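The bug class described above, shown as an added illustration that is not Yealink's firmware code: an unbounded sprintf of request-supplied uid and start_offset values into a fixed stack buffer, next to a hardened form that validates both values and formats with a size limit. The function name, buffer sizes and the /tmp/fw_ path format are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_PATH_MAX 64 /* assumed size of the fixed stack buffer */
#define UID_MAX_LEN    32 /* assumed upper bound for a legitimate uid */
#define UID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

/* Unsafe pattern of the class described above (comment only, constructed):
 *     char path[CHUNK_PATH_MAX];
 *     sprintf(path, "/tmp/fw_%s_%s.part", uid, start_offset);
 * sprintf() has no size limit, so long request values overrun the stack buffer. */

/* Hardened form: returns 0 and fills out, or -1 when the input is rejected. */
int build_chunk_path(char *out, size_t out_len,
                     const char *uid, const char *start_offset)
{
    if (!out || out_len == 0 || !uid || !start_offset)
        return -1;
    out[0] = '\0';
    /* uid: bounded length, alphanumeric only, so no path separators. */
    size_t n = strlen(uid);
    if (n == 0 || n > UID_MAX_LEN || strspn(uid, UID_CHARS) != n)
        return -1;
    /* start_offset: decimal digits only; strtoul alone would accept "-1" or " 5". */
    if (start_offset[0] < '0' || start_offset[0] > '9')
        return -1;
    errno = 0;
    char *end = NULL;
    unsigned long off = strtoul(start_offset, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    /* Bounded formatting; a return >= out_len means the result was truncated. */
    int w = snprintf(out, out_len, "/tmp/fw_%s_%lu.part", uid, off);
    if (w < 0 || (size_t)w >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[CHUNK_PATH_MAX];
    int rc = build_chunk_path(path, sizeof path, "abc123", "4096");
    printf("%d %s\n", rc, path);
    return rc;
}
```

Checking the snprintf return value matters even after validation: a 32-character uid combined with a 20-digit offset would need 66 bytes, which the 64-byte buffer cannot hold, so the call is rejected rather than silently truncated.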

Business impact

The CVSS score of 8.0 places this vulnerability in the high-severity range. Successful exploitation could lead to full device compromise, potentially enabling an attacker to intercept communications or use the device as a pivot point within the local network.

Remediation

Immediate Action: Apply firmware updates from Yealink as soon as they become available. Segment the management network to prevent unauthorized access to device API endpoints.

Proactive Monitoring: Review device access logs for frequent or malformed requests to the /api/upgrade/ path.

Compensating Controls: Implement network-level access control lists (ACLs) to ensure only authorized workstations can communicate with the SIP phone's management interface.

Exploitation status

Public Exploit Available: true

Analyst recommendation

Due to the public availability of an exploit, this vulnerability must be treated with high urgency. Administrators should isolate the device management interfaces and monitor for any suspicious traffic targeting the firmware upgrade handlers.