Lucene search
HistoryAug 03, 2014 - 6:55 p.m.
CVE-2013-5757
c02
yealink
voip
phone
sip
t38g
absolute path traversal
vulnerability
remote authenticated users
read arbitrary files
full pathname
dumpconfigfile function
cgi
cgi server
cve-2013-5757
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.5%
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
Affected configurations
Node
yealinksip-t38gMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| yealink:sip-t38g | yealink sip-t38g | eq | - |
References
Related
cvelist
cvelist
CVE-2013-5757
2014-08-03 18:00:00
prion
prion
Path traversal
2014-08-03 18:55:00
nvd
nvd
CVE-2013-5757
2014-08-03 18:55:04
packetstorm
packetstorm
Yealink VoIP Phone SIP-T38G Local File Inclusion
2014-06-13 00:00:00
exploitpack
exploitpack
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-06-13 00:00:00
seebug
seebug
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-07-01 00:00:00
exploitdb
exploitdb
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-06-13 00:00:00
openvas
openvas
Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities
2014-06-20 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.5%
Related for CVE-2013-5757