CVE-2013-5756

MEDIUM

4.0

CVSS Severity Score

EPSS Score0.1890%

EPSS Percentile31.22th

PublishedAug 3, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.

Affected Platforms (CPE)

🔌

Yealink

Sip T38g

All versions

References & Advisories

🔗 http://www.exploit-db.com/exploits/33740

Related Vulnerabilities

CVE-2013-575510.0

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin...

CVE-2013-57589.0

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling th...

CVE-2013-57574.0

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via...

CVE-2013-233510.0

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary cod...