22 matches found
VulnCheck KEV: CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
CVE-2013-5756
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. dot dot in the page parameter to cgi-bin/cgiServer.exx...
CVE-2013-5757
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx...
Path traversal
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx...
Cross site request forgery (csrf)
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
Directory traversal
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. dot dot in the page parameter to cgi-bin/cgiServer.exx...
CVE-2013-5756
The provided sources confirm CVE-2013-5756 affects Yealink VoIP Phone SIP-T38G via a directory traversal in the web interface (cgi-bin/cgiServer.exx). An authenticated remote attacker can read arbitrary files by supplying a crafted …/ page parameter, enabling access to sensitive files such as /et...
CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
CVE-2013-5757
Yealink VoIP Phone SIP-T38G is affected by CVE-2013-5757 (absolute path traversal) via the cgiServer.exx command parameter (dumpConfigFile). The vulnerability allows remote authenticated users to read arbitrary files by supplying a full pathname, with corroborating references describing /etc/pass...
CVE-2013-5755
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...
Hardcoded credentials
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...
CVE-2013-5755
CVE-2013-5755 affects Yealink IP Phone SIP-T38G. The public records disclose a hardcoded credential issue in the web interface: config/.htpasswd contains user (s7C9Cx.rLsWFA), admin (uoCbM.VEiKQto), and var (jhl3iZAe./qXM) passwords, enabling remote access via unspecified vectors. Connected sourc...
CVE-2013-5755
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...
Yealink VoIP Phone SIP-T38G - Local File Inclusion
No description provided by source. Title: Yealink VoIP Phone SIP-T38G Local File Inclusion Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5756, CVE-2013-5757 Description: Web interface...
Yealink VoIP Phone SIP-T38G Multiple Vulnerabilities
Yealink VoIP Phone devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Yealink VoIP Phone SIP-T38G - Local File Inclusion
Yealink VoIP Phone SIP-T38G - Local File Inclusion Title: Yealink VoIP Phone SIP-T38G Local File Inclusion Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5756, CVE-2013-5757 Description: We...
Yealink VoIP Phone SIP-T38G - Privilege Escalation
Title: Yealink VoIP Phone SIP-T38G Privileges Escalation Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5759 Description: Using the fact that cgiServer.exx run under the root privileges we...
Yealink VoIP Phone SIP-T38G Privilege Escalation
Title: Yealink VoIP Phone SIP-T38G Privileges Escalation Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5759 Description: Using the fact that cgiServer.exx run under the root privileges we...
Yealink VoIP Phone SIP-T38G - Remote Command Execution
Title: Yealink VoIP Phone SIP-T38G Remote Command Execution Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5758 Description: Using cgiServer.exx we are able to send OS command using the...