Philips Electronics Voip841 Dect Phone vulnerabilities
3 known vulnerabilities affecting philips_electronics/voip841_dect_phone.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2008-4875P3MEDIUMCVSS 6.8PoCv1.0.4.48v1.0.4.502008-11-01
CVE-2008-4875 [MEDIUM] CVE-2008-4875: Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with f
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, whi
nvd
CVE-2008-4874P4MEDIUMCVSS 5.0PoCv1.0.4.48v1.0.4.502008-11-01
CVE-2008-4874 [MEDIUM] CWE-255 CVE-2008-4874: The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
nvd
CVE-2008-4876P4MEDIUMCVSS 4.3PoCv1.0.4.48v1.0.4.502008-11-01
CVE-2008-4876 [MEDIUM] CWE-79 CVE-2008-4876: Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.
nvd