Computer Security


Yealink VoIP phones security vulnerabilities
Published: 13.06.2014
Source:
SecurityVulns ID: 13819
Type: remote
Threat Level: 4/10
Description: Cross-site scripting, CRLF injection.
CVE: CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.)
CVE-2014-3427 (CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.)
Original document: joquendo_(at)_e-fensive.net, CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones (13.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod