
CVE-2008-4875

Published: 01/11/2008 Updated: 11/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.9 | Exploitability Score: 8
VMScore: 685
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.

Vulnerable Product

philips electronics voip841 dect phone 1.0.4.50

philips electronics voip841 dect phone 1.0.4.48

Exploits

:[ Philips VOIP841 Multiple Vulnerabilities ]:

Luca "ikki" Carettoni - lucacarettoni@ikkisoftcom

Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 15 (simple httpd)
Systems not affected: n/a

(a) Hidden Administration Account (web management console) service:service
(b) Directory Listing, Director ...