Check CVE Id
Check CWE Id
'Voip841 dect phone'
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 18.104.22.168 and 22.214.171.124 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 126.96.36.199 and 188.8.131.52 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
The web component in Philips Electronics VOIP841 DECT Phone with firmware 184.108.40.206 and 220.127.116.11 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
Back to Top