NVD

Id
4664  
Name
CVE-2008-4875  
Description
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:C/I:N/A:N)  
Pub Date
2017-01-03  
Published
2008-11-01  
Modified Date
2011-03-07  
Seq
2008-4875  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
29261 4664 CVE-2008-4875 4536  View
29262 4664 CVE-2008-4875 5113  View
29263 4664 CVE-2008-4875 20080214 Philips VOIP841 Multiple Vulnerabilities  View
29264 4664 CVE-2008-4875 27790  View
29265 4664 CVE-2008-4875 ADV-2008-0583  View
29266 4664 CVE-2008-4875 voip841-saveapply-insecure-permissions(40534)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
49696 JVNDB-2008-005006 Philips Electronics VOIP841 DECT Phone の Web サーバにおけるディレクトリトラバーサルの脆弱性 Philips Electronics VOIP841 DECT Phone の Web サーバには、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-4875 34988 CVE-2008-4875 4664 6.8 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005006.html 2008-11-01 2012-09-25 View