CVE-2008-4876

Philips Electronics VOIP841 DECT Phone - Cross-Site Scripting via Request URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4876. PoCs published by ikki.

AI-analyzed exploit summary This document details multiple vulnerabilities in Philips VOIP841 devices, including a hidden admin account, directory traversal, XSS, and insecure credential storage. It provides technical proof of exploitation via HTTP requests and file paths.

Description

Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ikki · textremotehardware

https://www.exploit-db.com/exploits/5113

View Code ZIP pw:eip

This document details multiple vulnerabilities in Philips VOIP841 devices, including a hidden admin account, directory traversal, XSS, and insecure credential storage. It provides technical proof of exploitation via HTTP requests and file paths.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Xss

Complexity

Trivial

Reliability

Reliable

Target: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 (simple httpd)

Auth required

Prerequisites: Network access to the device · Basic authentication credentials for directory traversal

MITRE ATT&CK