CVE-2014-3427

Published: 16/07/2014 Updated: 09/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yealink voip phone firmware 28.72.0.2

source: wwwsecurityfocuscom/bid/68022/info Yealink VoIP Phones are prone to an HTTP-response-splitting vulnerability because it fails to properly sanitize user-supplied input An attacker may leverage this issue to influence how web content is served, cached, or interpreted This could aid in various attacks that try to entice client use ...

Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities This affects firmware version 287202 and hardware version 2820128000 ...

NVD-CWE-Other http://seclists.org/fulldisclosure/2014/Jun/74 http://packetstormsecurity.com/files/127081/Yealink-VoIP-Phones-XSS-CRLF-Injection.html http://www.securityfocus.com/archive/1/532410/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/39334/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3427

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect