Remote Command Execution in Yealink VoIP Phone SIP-T38G
CVE-2013-5758 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
Learn more about our Cis Benchmark Audit For Server Software.