Published: 16/07/2014 Updated: 26/05/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote malicious users to obtain access via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yealink sip-t38g -

Title: Yealink VoIP Phone SIP-T38G Default Credentials Author: MrUn1k0d3r & DorethZ10 From RingZer0 Team Vendor Homepage: wwwyealinkcom/Companyprofileaspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5755 Description: Web interface use hardcoded default credential in /config/htpasswd user:s7C9CxrLsWFA admin:uoCbMVEiKQto var:jhl ...

Yealink VoIP phone version SIP-T38G suffers from a remote command execution vulnerability ...

Yealink VoIP phone version SIP-T38G suffers from having default credentials that are also easily guessable ...

CWE-255 http://www.exploit-db.com/exploits/33739 https://nvd.nist.gov https://www.exploit-db.com/exploits/33739/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-5755

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect