Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-3427. PoCs published by Jesus Oquendo.
AI-analyzed exploit summary: This exploit demonstrates an HTTP response splitting vulnerability in Yealink VoIP Phones by injecting CR/LF characters into the 'model' parameter. This allows an attacker to manipulate HTTP headers and potentially perform cache poisoning or XSS attacks.
Description
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.