Stack-based Buffer Overflow in Yealink SIP-T46U Firmware Chunk Upload Handler

Successful exploitation can cause memory corruption in the affected process and may lead to compromise of confidentiality, integrity, and availability on the device. Based on the provided scoring context, the expected impact is high across all three dimensions. Depending on exploit reliability and runtime conditions, the overflow could enable code execution in the context of the vulnerable service, device instability, or process/service crash.

Restrict access to the affected device management and upgrade interface to trusted administrative hosts only, and prevent reachability from untrusted segments even within the local network. Segment VoIP devices onto dedicated management or voice VLANs, enforce ACLs/firewall rules around /api/upgrade/upgrade exposure, disable or tightly control firmware upload functionality where operationally feasible, and monitor for suspicious requests targeting firmware chunk upload parameters such as uid and start_offset. Given the existence of a public exploit, prioritize compensating controls until a fixed firmware is available.

Upgrade to a vendor-fixed firmware release if and when Yealink publishes one for SIP-T46U. Because the provided content identifies version 108.86.0.118 as affected but does not specify a fixed version, the exact remediation version is currently not available. Review vendor advisories and validate whether /api/upgrade/upgrade input handling for uid/start_offset has been corrected, specifically replacing unsafe sprintf usage with bounded formatting and proper length validation.