ID CVE-2013-5755
Summary config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:h:yealink:sip-t38g:-:*:*:*:*:*:*:*
    cpe:2.3:h:yealink:sip-t38g:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 26-05-2016 - 12:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
exploit-db 33739
Last major update 26-05-2016 - 12:33
Published 16-07-2014 - 14:19
Last modified 26-05-2016 - 12:33
Back to Top