GCVE - cpe:2.3:h:yealink:sip-t38g:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:yealink:sip-t38g:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Yealink (`bb00dccf-901c-54fe-84ea-6136ece47bd5`)
Product	Sip T38G (`1291c530-eae5-5ad5-ba40-ea2126642101`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-5758`	vulnerable	2026-06-03 14:33:23.102780	Details available cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. Published: 2014-08-03T18:00:00.000Z Updated: 2024-08-06T17:22:30.951Z Open on db.gcve.eu Reference links http://www.osvdb.org/108080 http://packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html http://packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html http://www.exploit-db.com/exploits/33741 http://www.exploit-db.com/exploits/33742	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5757`	vulnerable	2026-06-03 14:33:23.102463	Details available Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. Published: 2014-08-03T18:00:00.000Z Updated: 2024-08-06T17:22:30.620Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/33740	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5756`	vulnerable	2026-06-03 14:33:23.102182	Details available Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. Published: 2014-08-03T18:00:00.000Z Updated: 2024-08-06T17:22:30.124Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/33740	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5755`	vulnerable	2026-06-03 14:33:23.101829	Details available config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. Published: 2014-07-16T14:00:00.000Z Updated: 2024-08-06T17:22:30.892Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/33739	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.