Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMr.Un1k0d3rEDB-ID:33739
HistoryJun 13, 2014 - 12:00 a.m.

Yealink VoIP Phone SIP-T38G - Default Credentials

2014-06-1300:00:00
Mr.Un1k0d3r
www.exploit-db.com
27

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON
Title: Yealink VoIP Phone SIP-T38G Default Credentials
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5755

Description:

Web interface use hardcoded default credential in /config/.htpasswd


user:s7C9Cx.rLsWFA admin:uoCbM.VEiKQto var:jhl3iZAe./qXM

Here's the cleartext password for these accounts:

user:user
admin:admin
var:var

-- 
*Mr.Un1k0d3r** or 1 #*

Related

cve 1
prion 1
nvd 1
packetstorm 2
cvelist 1
seebug 2
exploitpack 2
exploitdb 1
zdt 1
openvas 1
cve
cve
CVE-2013-5755
2014-07-16 14:19:02
prion
prion
Hardcoded credentials
2014-07-16 14:19:00
nvd
nvd
CVE-2013-5755
2014-07-16 14:19:02
packetstorm
packetstorm
Yealink VoIP Phone SIP-T38G Default Credentials
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G Remote Command Execution
2014-06-13 00:00:00
cvelist
cvelist
CVE-2013-5755
2014-07-16 14:00:00
seebug
seebug
Yealink VoIP Phone SIP-T38G - Default Credentials
2014-07-01 00:00:00
Yealink VoIP Phone SIP-T38G - Remote Command Execution
2014-07-01 00:00:00
exploitpack
exploitpack
Yealink VoIP Phone SIP-T38G - Default Credentials
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Remote Command Execution
2014-06-13 00:00:00
exploitdb
exploitdb
Yealink VoIP Phone SIP-T38G - Remote Command Execution
2014-06-13 00:00:00
zdt
zdt
Yealink VoIP Phone SIP-T38G - Multiple Vulnerabilities
2014-06-14 00:00:00
openvas
openvas
Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities
2014-06-20 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

JSON
Related for EDB-ID:33739
cve1prion1nvd1packetstorm2cvelist1seebug2exploitpack2exploitdb1zdt1openvas1