Absolute Path Traversal Vulnerability in Yealink SIP-T38G VoIP Phone
CVE-2013-5757

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 3 August 2014

What is CVE-2013-5757?

The Yealink VoIP Phone SIP-T38G is susceptible to an absolute path traversal vulnerability, which permits remote authenticated users to read arbitrary files on the device. This is achieved through the 'dumpConfigFile' function within the 'cgiServer.exx' script, allowing an attacker to manipulate the command parameter to access sensitive data using a full pathname.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.exploit-db.com/exploits/33740

exploitx_refsource_EXPLOIT-DB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 3, 2014
Vulnerability Reserved
Sep 18, 2013

JSON

Yealink

What is CVE-2013-5757?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.