CVE-2008-4874 - The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has

CVE-2008-4874

Summary

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.

References

Vulnerable Configurations

cpe:2.3:h:philips_electronics:voip841_dect_phone:1.0.4.48:*:*:*:*:*:*:*
cpe:2.3:h:philips_electronics:voip841_dect_phone:1.0.4.48:*:*:*:*:*:*:*
cpe:2.3:h:philips_electronics:voip841_dect_phone:1.0.4.50:*:*:*:*:*:*:*
cpe:2.3:h:philips_electronics:voip841_dect_phone:1.0.4.50:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-10-2018 - 20:53)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	27790
bugtraq	20080214 Philips VOIP841 Multiple Vulnerabilities 20080215 Re: Philips VOIP841 Multiple Vulnerabilities
exploit-db	5113
misc	http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt
osvdb	42940
secunia	28978
sreason	4536
vupen	ADV-2008-0583

Last major update

11-10-2018 - 20:53

Published

01-11-2008 - 06:00

Last modified

11-10-2018 - 20:53