CVE-2008-4875
Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
Public Exploits: 1
Exploited in Wild: -
Descriptions
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
Timeline
- 2008-10-31 CVE Reserved
- 2008-10-31 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (8)
URL | Tag | Source |
---|---|---|
http://osvdb.org/42941 | Vdb Entry | |
http://securityreason.com/securityalert/4536 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/488127/100/200/threaded | Mailing List | |
http://www.securityfocus.com/bid/27790 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0583 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/40534 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/5113 | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/28978 | 2018-10-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Philips Electronics | Voip841 Dect Phone | 1.0.4.48 | - | Affected |
Philips Electronics | Voip841 Dect Phone | 1.0.4.50 | - | Affected |