Vulnerabilities > CVE-2014-3427 - Unspecified vulnerability in Yealink Voip Phone Firmware 28.72.0.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN yealink
exploit available
Summary
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Exploit-Db
| description | Yealink VoIP Phones '/servlet' HTTP Response Splitting Vulnerability. CVE-2014-3427. Webapps exploit for java platform |
| id | EDB-ID:39334 |
| last seen | 2016-02-04 |
| modified | 2014-06-12 |
| published | 2014-06-12 |
| reporter | Jesus Oquendo |
| source | https://www.exploit-db.com/download/39334/ |
| title | Yealink VoIP Phones '/servlet' HTTP Response Splitting Vulnerability |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/127081/yealink-crlfxss.txt |
| id | PACKETSTORM:127081 |
| last seen | 2016-12-05 |
| published | 2014-06-13 |
| reporter | Jesus Oquendo |
| source | https://packetstormsecurity.com/files/127081/Yealink-VoIP-Phones-XSS-CRLF-Injection.html |
| title | Yealink VoIP Phones XSS / CRLF Injection |
References
- http://packetstormsecurity.com/files/127081/Yealink-VoIP-Phones-XSS-CRLF-Injection.html
- http://packetstormsecurity.com/files/127081/Yealink-VoIP-Phones-XSS-CRLF-Injection.html
- http://seclists.org/fulldisclosure/2014/Jun/74
- http://seclists.org/fulldisclosure/2014/Jun/74
- http://www.securityfocus.com/archive/1/532410/100/0/threaded
- http://www.securityfocus.com/archive/1/532410/100/0/threaded