CVE-2014-3427: CRLF Injection
First published: Wed Jul 16 2014(Updated: )
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yealink VoIP Phone Firmware | =28.72.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3427?
CVE-2014-3427 is considered to be of medium severity due to its potential for HTTP response splitting attacks.
How do I fix CVE-2014-3427?
To fix CVE-2014-3427, update to a firmware version that is not affected by this vulnerability.
What systems are affected by CVE-2014-3427?
CVE-2014-3427 affects Yealink VoIP Phones running firmware version 28.72.0.2.
What type of attack can be carried out using CVE-2014-3427?
CVE-2014-3427 allows remote attackers to conduct HTTP response splitting attacks through CRLF injection.
Is CVE-2014-3427 remotely exploitable?
Yes, CVE-2014-3427 can be exploited remotely due to its nature as a network protocol vulnerability.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/yealink
- canonical/yealink voip phone firmware
- version/yealink voip phone firmware/28.72.0.2