CVE-2008-4875

Name of the Vulnerable Software and Affected Versions Philips Electronics VOIP841 DECT Phone versions 1.0.4.50 through 1.0.4.80

Description The issue allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request to API endpoints such as / or other unspecified endpoints, by manipulating the file path variable. This can potentially expose sensitive files, including save.dat and apply.log, which may contain credentials like the Skype username and password.

Recommendations For versions 1.0.4.50 through 1.0.4.80, consider restricting access to sensitive files and directories to prevent unauthorized reading. As a temporary workaround, restrict access to the web server's GET request functionality until a patch is available.