CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
Affected products
n/a · n/a
public PoCs found — 6
cve_reference · packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html · unverified
cve_reference · packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html · unverified
cve_reference · www.exploit-db.com/exploits/33741 · unverified
cve_reference · www.exploit-db.com/exploits/33742 · unverified
exploitdb · www.exploit-db.com/exploits/33742 · unverified
exploitdb · www.exploit-db.com/exploits/33741 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html
http://packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html
http://www.exploit-db.com/exploits/33741
http://www.exploit-db.com/exploits/33742
http://www.osvdb.org/108080