Absolute Path Traversal Vulnerability in Yealink SIP-T38G VoIP Phone
CVE-2013-5757

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 3 August 2014

What is CVE-2013-5757?

The Yealink VoIP Phone SIP-T38G is susceptible to an absolute path traversal vulnerability, which permits remote authenticated users to read arbitrary files on the device. This is achieved through the 'dumpConfigFile' function within the 'cgiServer.exx' script, allowing an attacker to manipulate the command parameter to access sensitive data using a full pathname.

References

http://www.exploit-db.com/exploits/33740

exploitx_refsource_EXPLOIT-DB

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2014
Vulnerability Reserved
Sep 18, 2013