CVE-2008-4875
Philips Electronics VOIP841 DECT Phone 1.0.4.50 and 1.0.4.80 - Authenticated Path Traversal via GET Request
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-4875. PoCs published by ikki.
AI-analyzed exploit summary: This document details multiple vulnerabilities in Philips VOIP841 devices, including a hidden admin account, directory traversal, XSS, and insecure credential storage. It provides technical proof of exploitation via HTTP requests and file paths.
Description
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.