CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T10:43:05.834Z
Reserved: 2014-05-07T00:00:00
Link: CVE-2014-3427

No data.

Status : Deferred
Published: 2014-07-16T14:19:02.997
Modified: 2025-04-12T10:46:40.837
Link: CVE-2014-3427

No data.