Lucene search

[email protected]CVE-2013-5758

HistoryAug 03, 2014 - 6:55 p.m.

CVE-2013-5758

2014-08-0318:55:04

CWE-78

[email protected]

web.nvd.nist.gov

cve-2013-5758

remote execution

yealink

voip

sip

command injection

security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%

JSON

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.

Affected configurations

NVD

Node

yealinksip-t38gMatch-

CPENameOperatorVersion
yealink:sip-t38gyealink sip-t38geq-

CPE	Name	Operator	Version
yealink:sip-t38g	yealink sip-t38g	eq	-

References

packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html

packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html

www.exploit-db.com/exploits/33741

www.exploit-db.com/exploits/33742

www.osvdb.org/108080

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2013-5758

prion2 cvelist1 nvd2 exploitpack2 seebug2 packetstorm2 cve1 exploitdb2 zdt1 openvas1