Directory Traversal Vulnerability in Yealink VoIP Phone SIP-T38G
CVE-2013-5756

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 3 August 2014

What is CVE-2013-5756?

A directory traversal vulnerability exists in Yealink VoIP Phone SIP-T38G, allowing remote authenticated users to exploit the system by manipulating parameters within URLs. This flaw enables attackers to access arbitrary files on the server, potentially exposing sensitive information. The vulnerability arises from improper handling of user-supplied input in the page parameter, permitting traversal up the directory structure.

References

http://www.exploit-db.com/exploits/33740

exploitx_refsource_EXPLOIT-DB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 3, 2014
Vulnerability Reserved
Sep 18, 2013