Chichen241

#19526 of 53,622
13.5 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-49182
5.5
2026-06-15
Yealink · Sip-T46U · CVE-2026-12223
**Name of the Vulnerable Software and Affected Versions**
Yealink SIP-T46U version 108.86.0.118

**Description**
Command injection is possible in the Web FastCGI Service via the `mod webd.TFTPUploadIperf` function within the `/api/inner/tftpuploadiperf` endpoint. This occurs when the `ip/port` argument is manipulated. The attack must be initiated from within the local network.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2026-49138
8.0
2026-06-14
Yealink · Sip-T46U · CVE-2026-12222
**Name of the Vulnerable Software and Affected Versions**
Yealink SIP-T46U version 108.86.0.118

**Description**
A stack-based buffer overflow exists in the Web FastCGI Service component within the `mod webd.BlueToothTest()` function of the `/api/inner/bttest` endpoint. This issue occurs when manipulating the `btMac`, `pin`, or `reserved` arguments. Exploitation requires the attacker to be located within the local network.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.