CVE-2008-4874

Philips Electronics VOIP841 DECT Phone - Hardcoded Backdoor Account

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4874. PoCs published by ikki.

AI-analyzed exploit summary This document details multiple vulnerabilities in Philips VOIP841 devices, including a hidden admin account, directory traversal, XSS, and insecure credential storage. It provides technical proof of exploitation via HTTP requests and file paths.

Description

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ikki · textremotehardware

https://www.exploit-db.com/exploits/5113

View Code ZIP pw:eip

This document details multiple vulnerabilities in Philips VOIP841 devices, including a hidden admin account, directory traversal, XSS, and insecure credential storage. It provides technical proof of exploitation via HTTP requests and file paths.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Xss

Complexity

Trivial

Reliability

Reliable

Target: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 (simple httpd)

Auth required

Prerequisites: Network access to the device · Basic authentication credentials for directory traversal

MITRE ATT&CK