Mr.Un1K0D3R

**Name of the Vulnerable Software and Affected Versions** Yealink VoIP Phone SIP-T38G version (affected versions not specified) **Description** A directory traversal issue allows remote authenticated users to read arbitrary files by using a .. (dot dot) in the `page` parameter to the "cgi-bin/cgiServer.exx" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yealink VoIP Phone SIP-T38G version (affected versions not specified) **Description** The issue concerns an absolute path traversal vulnerability. It allows remote authenticated users to read arbitrary files by providing a full pathname in the `dumpConfigFile` function, which is accessible through the `command` parameter to the "cgi-bin/cgiServer.exx" endpoint. **Recommendations** For Yealink VoIP Phone SIP-T38G, as a temporary workaround, consider restricting access to the `dumpConfigFile` function until a patch is available. Avoid using the `command` parameter in the "cgi-bin/cgiServer.exx" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yealink VoIP Phone SIP-T38G **Description** The issue allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request. This can be used to run unauthorized services, change directory permissions, and modify files. **Recommendations** For Yealink VoIP Phone SIP-T38G, consider restricting access to the cgi-bin/cgiServer.exx to prevent unauthorized command execution until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yealink IP Phone SIP-T38G **Description** The issue concerns hardcoded passwords in the config/.htpasswd file of the Yealink IP Phone SIP-T38G. Specifically, the passwords are: `user` with password `s7C9Cx.rLsWFA`, `admin` with password `uoCbM.VEiKQto`, and `var` with password `jhl3iZAe./qXM`. This makes it easier for remote attackers to gain access via unspecified vectors. **Recommendations** For Yealink IP Phone SIP-T38G, change the hardcoded passwords for the `user`, `admin`, and `var` accounts to unique and secure passwords to prevent unauthorized access.