CVE-2008-4875
published 2008-11-01CVE-2008-4875: Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated…
PriorityP337medium6.8CVSS 2.0
AVNACLAuSCCINAN
EXPLOIT
EPSS
3.14%
86.3th percentile
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| philips_electronics | voip841_dect_phone | — | — |
| philips_electronics | voip841_dect_phone | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/42941http://secunia.com/advisories/28978http://securityreason.com/securityalert/4536http://www.securityfocus.com/archive/1/488127/100/200/threadedhttp://www.securityfocus.com/bid/27790http://www.vupen.com/english/advisories/2008/0583https://exchange.xforce.ibmcloud.com/vulnerabilities/40534https://www.exploit-db.com/exploits/5113http://osvdb.org/42941http://secunia.com/advisories/28978http://securityreason.com/securityalert/4536http://www.securityfocus.com/archive/1/488127/100/200/threadedhttp://www.securityfocus.com/bid/27790http://www.vupen.com/english/advisories/2008/0583https://exchange.xforce.ibmcloud.com/vulnerabilities/40534https://www.exploit-db.com/exploits/5113
2008-11-01
Published