CVE-2013-5757

MEDIUM

4.0

CVSS Severity Score

EPSS Score0.0620%

EPSS Percentile29.06th

Published2014年8月3日

Last Modified2026年5月6日

Vulnerability Description

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.

Affected Platforms (CPE)

🔌

Yealink

Sip T38g

All versions

References & Advisories

🔗 http://www.exploit-db.com/exploits/33740

相关漏洞威胁

CVE-2013-575510.0

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin...

CVE-2013-57589.0

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling th...

CVE-2013-57564.0

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a ....

CVE-2013-136810.0

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x befo...