Vulnerabilities > CVE-2008-4874 - Credentials Management vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
philips-electronics
CWE-255
exploit available

Summary

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPhilips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities. CVE-2008-4874,CVE-2008-4875,CVE-2008-4876. Remote exploit for hardware platform
fileexploits/hardware/remote/5113.txt
idEDB-ID:5113
last seen2016-01-31
modified2008-02-14
platformhardware
port
published2008-02-14
reporterikki
sourcehttps://www.exploit-db.com/download/5113/
titlePhilips VOIP841 Firmware <= 1.0.4.800 Multiple Vulnerabilities
typeremote