CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2008-4874 – Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4874
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. El componente web en Philips Electronics VOIP841 DECT Phone with firmware v1.0.4.50 y v1.0.4.80 tiene una cuenta de "servicio" de puerta trasera con "service" como contraseña, lo que facilita a atacantes remotos obtener acceso. • https://www.exploit-db.com/exploits/5113 http://archives.neohapsis.com/archives/bugtraq/2008-02/0227.html http://osvdb.org/42940 http://secunia.com/advisories/28978 http://securityreason.com/securityalert/4536 http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt http://www.securityfocus.com/archive/1/488127/100/200/threaded http://www.securityfocus.com/bid/27790 http://www.vupen.com/english/advisories/2008/0583 • CWE-255: Credentials Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2008-4875 – Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4875
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password. Vulnerabilidad de salto de directorio en el servidor web en Philips Electronics VOIP841 DECT Phone con firmware v1.0.4.50 y v1.0.4.80 permite a usuarios remotamente autentificados leer archivos de su elección mediante un .. (punto punto) en una petición GET. • https://www.exploit-db.com/exploits/5113 http://osvdb.org/42941 http://secunia.com/advisories/28978 http://securityreason.com/securityalert/4536 http://www.securityfocus.com/archive/1/488127/100/200/threaded http://www.securityfocus.com/bid/27790 http://www.vupen.com/english/advisories/2008/0583 https://exchange.xforce.ibmcloud.com/vulnerabilities/40534 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2008-4876 – Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4876
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente de servidor web en Philips Electronics VOIP841 DECT Phone con firmware v1.0.4.50 y v1.0.4.80 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el URL pedido, lo que no se administra correctamente en una página de error web 404. • https://www.exploit-db.com/exploits/5113 http://secunia.com/advisories/28978 http://securityreason.com/securityalert/4536 http://www.securityfocus.com/archive/1/488127/100/200/threaded http://www.securityfocus.com/bid/27790 http://www.vupen.com/english/advisories/2008/0583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •