Remote Command Execution in Yealink VoIP Phone SIP-T38G
CVE-2013-5758

Currently unrated

Key Information:

Vendor: Yealink
Status: Sip-t38g
Vendor: CVE Published:; 3 August 2014

What is CVE-2013-5758?

The Yealink VoIP Phone SIP-T38G has a vulnerability that enables authenticated remote users to execute arbitrary commands via the cgi-bin/cgiServer.exx interface. This flaw can be exploited to run unauthorized services, manipulate directory permissions, and alter files, posing serious security risks to user data and device integrity. Proper mitigation measures should be implemented to safeguard against potential breaches that exploit this vulnerability.

References

http://www.osvdb.org/108080

vdb-entryx_refsource_OSVDB

http://packetstormsecurity.com/files/127096/Yealink-VoIP-...

x_refsource_MISC

http://packetstormsecurity.com/files/127093/Yealink-VoIP-...

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2014
Vulnerability Reserved
Sep 18, 2013