Remote Command Execution in Yealink VoIP Phone SIP-T38G

CVE-2013-5758 · HIGH Severity

AV:N/AC:L/Au:S/C:C/I:C/A:C

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
