CVE-2026-12223 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf ip/port command injection

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. It has been classified as critical. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection.

This vulnerability is referenced as CVE-2026-12223. The attack needs to be initiated within the local network. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12223 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf ip/port command injection

Post correlati

CVE-2024-7193 | Mp3tag up to 3.26d DLL tak_deco_lib.dll uncontrolled search path

CVE-2024-13606 | rabilal JS Help Desk Plugin up to 2.8.8 on WordPress File Attachment jssupportticketdata information disclosure

CVE-2024-9649 | WP ULike Plugin up to 4.7.4 on WordPress cross-site request forgery

CVE-2025-14868 | shahinurislam Career Section Plugin up to 1.6 on WordPress appform_options_page_html path traversal