
CVE-2014-3428 – Yealink VoIP Phones XSS / CRLF Injection
https://notcve.org/view.php?id=CVE-2014-3428
13 Jun 2014 — Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and ... • https://packetstorm.news/files/id/127081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3427 – Yealink VoIP Phones - '/servlet' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2014-3427
13 Jun 2014 — CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet. Yealink VoIP Phones suffer from CRLF injection and cross site scri... • https://packetstorm.news/files/id/127081