PT-2014-2953 · Yealink · Yealink Voip Phone Sip-T38G

Mr.Un1K0D3R · Published 2014-08-03 · Updated 2014-08-04 · CVE-2013-5758

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Yealink VoIP Phone SIP-T38G

Description

The issue allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request. This can be used to run unauthorized services, change directory permissions, and modify files.

Recommendations

For Yealink VoIP Phone SIP-T38G, consider restricting access to cgi-bin/cgiServer.exx to prevent unauthorized command execution until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2013-5758

Affected Products

Yealink Voip Phone Sip-T38G