CVE-2008-4875

by Fred · 31/10/2008

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.

Date published : 2008-10-31

http://www.securityfocus.com/bid/27790

http://www.securityfocus.com/archive/1/488127/100/200/threaded

CVE-2008-4875

Related

Recent Posts

Categories

Latest CWE

CVE-2008-4875

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE