source: https://www.securityfocus.com/bid/68022/info
YealinkVoIPPhones are prone toanHTTP-response-splitting vulnerability because it fails toproperly sanitize user-supplied input.
An attacker may leverage this issue toinfluence how web content is served, cached, or interpreted. This could aid in various attacks that trytoentice client users into a false sense of trust.
YealinkVoIPPhones firmware 28.72.0.2 and hardware 28.2.0.128.0.0.0 are vulnerable; other versions may also be affected.GET/servlet?linepage=1&model=%0d%0a[Header]&p=dsskey&q=load
