Yealink VoIP Phones - servlet HTTP Response Splitting

2014-06-12T00:00:00
ID EXPLOITPACK:C6E603D2231845A59BC538BEB880DD00
Type exploitpack
Reporter Jesus Oquendo
Modified 2014-06-12T00:00:00

Description

Yealink VoIP Phones - servlet HTTP Response Splitting

                                        
                                            source: https://www.securityfocus.com/bid/68022/info

Yealink VoIP Phones are prone to an HTTP-response-splitting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

Yealink VoIP Phones firmware 28.72.0.2 and hardware 28.2.0.128.0.0.0 are vulnerable; other versions may also be affected. 

GET /servlet?linepage=1&model=%0d%0a[Header]&p=dsskey&q=load