EIP-2026-102013

PRE-CVE

Snom IP Phone Web Interface < 8 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102013. PoCs published by Yakir Wizman.

AI-analyzed exploit summary This is a technical writeup detailing XSS and data disclosure vulnerabilities in Snom IP Phone web interfaces. It explains how an attacker can inject JavaScript via the address book and disclose SIP credentials via a direct URL access.

Description

Snom IP Phone Web Interface < 8 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Yakir Wizman · textwebappshardware

https://www.exploit-db.com/exploits/17215

View Code ZIP pw:eip

This is a technical writeup detailing XSS and data disclosure vulnerabilities in Snom IP Phone web interfaces. It explains how an attacker can inject JavaScript via the address book and disclose SIP credentials via a direct URL access.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Snom IP Phone (versions 300, 360)

No auth needed

Prerequisites: Network access to the Snom IP Phone web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026