CVE-2013-5758

🗓️ 03 Aug 2014 18:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 63 Views🌐 WEB

Arbitrary command execution in Yealink VoIP Phone SIP-T38G

Reporter	Title	Published	Views	Family All 15
0day.today	Yealink VoIP Phone SIP-T38G - Multiple Vulnerabilities	14 Jun 201400:00	–	zdt
Cvelist	CVE-2013-5758	3 Aug 201418:00	–	cvelist
Exploit DB	Yealink VoIP Phone SIP-T38G - Remote Command Execution	13 Jun 201400:00	–	exploitdb
Exploit DB	Yealink VoIP Phone SIP-T38G - Privilege Escalation	13 Jun 201400:00	–	exploitdb
exploitpack	Yealink VoIP Phone SIP-T38G - Remote Command Execution	13 Jun 201400:00	–	exploitpack
exploitpack	Yealink VoIP Phone SIP-T38G - Privilege Escalation	13 Jun 201400:00	–	exploitpack
NVD	CVE-2013-5758	3 Aug 201418:55	–	nvd
OpenVAS	Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities	20 Jun 201400:00	–	openvas
Packet Storm	Yealink VoIP Phone SIP-T38G Privilege Escalation	13 Jun 201400:00	–	packetstorm
Packet Storm	Yealink VoIP Phone SIP-T38G Remote Command Execution	13 Jun 201400:00	–	packetstorm

NVD

Node

yealink sip-t38gMatch-

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html
packetstormsecurity	www.packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html
osvdb	www.osvdb.org/108080
exploit-db	www.exploit-db.com/exploits/33742
exploit-db	www.exploit-db.com/exploits/33741

Parameter	Position	Path	Description	CWE
page	query param	cgi-bin/cgiServer.exx	Local file disclosure via LFI by referencing /etc/passwd or /etc/shadow through the page parameter on /cgi-bin/cgiServer.exx.	CWE-78
command	query param	cgi-bin/cgiServer.exx	Remote command execution by passing a command via the command parameter on /cgi-bin/cgiServer.exx.	CWE-78

06 May 2026 22:30Current

7.1High risk

Vulners AI Score7.1

CVSS 29

EPSS0.1174

cve-2013-5758 remote execution yealink voip sip command injection security vulnerability