cbcvebase.
CVE-2008-4875
published 2008-11-01

CVE-2008-4875: Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated…

PriorityP337medium6.8CVSS 2.0
AVNACLAuSCCINAN
EXPLOIT
EPSS
3.14%
86.3th percentile
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.

Affected

2 ranges
VendorProductVersion rangeFixed in
philips_electronicsvoip841_dect_phone
philips_electronicsvoip841_dect_phone
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.