Skip to main content

Sip T38G

4 CVEs product

Monthly

CVE-2013-5758 CRITICAL POC THREAT Emergency

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Command Injection Sip T38G
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
11.7%
CVE-2013-5757 MEDIUM POC This Month

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sip T38G
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
9.5%
CVE-2013-5756 MEDIUM POC This Month

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sip T38G
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
7.9%
CVE-2013-5755 CRITICAL POC THREAT Emergency

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Authentication Bypass Sip T38G
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
15.4%
Threat
4.0
EPSS 12% CVSS 9.0
CRITICAL POC THREAT Emergency

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Command Injection Sip T38G
NVD Exploit-DB
EPSS 10% CVSS 4.0
MEDIUM POC This Month

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sip T38G
NVD Exploit-DB
EPSS 8% CVSS 4.0
MEDIUM POC This Month

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sip T38G
NVD Exploit-DB
EPSS 15% 4.0 CVSS 10.0
CRITICAL POC THREAT Emergency

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Authentication Bypass Sip T38G
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy