CVE-2014-3428
CVE-2014-3428 affects Yealink VoIP Phones (Firmware 28.72.0.2) with vulnerabilities in the web interface: XSS via the servlet’s model parameter and a CRLF injection path demonstrated with the linepage parameter. Root cause is insufficient input sanitization in the web UI servlet handling these pa...