Authentication Bypass Vulnerability in Yealink IP Phone SIP-T38G
CVE-2013-5755

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 16 July 2014

What is CVE-2013-5755?

The Yealink IP Phone SIP-T38G contains hardcoded passwords for user, admin, and var accounts, making it susceptible to unauthorized access by remote attackers. The presence of these passwords exposes the device to various attack vectors, allowing potential exploitation of sensitive configurations within the phone, thereby compromising network security.

References

http://www.exploit-db.com/exploits/33739

exploitx_refsource_EXPLOIT-DB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 16, 2014
Vulnerability Reserved
Sep 18, 2013