CVE-2013-5755

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1780%

EPSS Percentile38.52th

PublishedJul 16, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.

Affected Platforms (CPE)

🔌

Yealink

Sip T38g

All versions

References & Advisories

🔗 http://www.exploit-db.com/exploits/33739

Related Vulnerabilities

CVE-2013-57589.0

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling th...

CVE-2013-57564.0

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a ....

CVE-2013-57574.0

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via...

CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are ...