Unrated severityNVD Advisory· Published Jul 16, 2014· Updated May 6, 2026

CVE-2014-3427

Description

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.

Affected products

Yealink/Voip Phone Firmware
cpe:2.3:o:yealink:voip_phone_firmware:28.72.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/127081/Yealink-VoIP-Phones-XSS-CRLF-Injection.htmlnvdExploit
seclists.org/fulldisclosure/2014/Jun/74nvdExploit
www.securityfocus.com/archive/1/532410/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000