CVE-2014-3428

Name of the Vulnerable Software and Affected Versions Yealink VoIP Phones version 28.72.0.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the model parameter to the servlet.

Recommendations For Yealink VoIP Phones version 28.72.0.2, avoid using the model parameter in the affected servlet until a fix is available. As a temporary workaround, consider restricting access to the servlet to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.