Directory Traversal Vulnerability in Yealink VoIP Phone SIP-T38G
CVE-2013-5756

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 3 August 2014

Badges

👾 Exploit Exists

What is CVE-2013-5756?

A directory traversal vulnerability exists in Yealink VoIP Phone SIP-T38G, allowing remote authenticated users to exploit the system by manipulating parameters within URLs. This flaw enables attackers to access arbitrary files on the server, potentially exposing sensitive information. The vulnerability arises from improper handling of user-supplied input in the page parameter, permitting traversal up the directory structure.

References

http://www.exploit-db.com/exploits/33740

exploitx_refsource_EXPLOIT-DB

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 3, 2014
👾
Exploit known to exist
Aug 3, 2014
Vulnerability published
Aug 3, 2014
Vulnerability Reserved
Sep 18, 2013

CVE-2013-5756 Data

JSON