Authentication Bypass Vulnerability in Yealink IP Phone SIP-T38G
CVE-2013-5755

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 16 July 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 15%

What is CVE-2013-5755?

The Yealink IP Phone SIP-T38G contains hardcoded passwords for user, admin, and var accounts, making it susceptible to unauthorized access by remote attackers. The presence of these passwords exposes the device to various attack vectors, allowing potential exploitation of sensitive configurations within the phone, thereby compromising network security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-5755 - Proof of Concept

References

http://www.exploit-db.com/exploits/33739

exploitx_refsource_EXPLOIT-DB

EPSS Score

15% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 16, 2014
👾
Exploit known to exist
Jul 16, 2014
Vulnerability published
Jul 16, 2014
Vulnerability Reserved
Sep 18, 2013

CVE-2013-5755 Data

JSON