Cisco is warning of a critical flaw in the web server of its IP phones. If exploited, the flaw could allow an unauthenticated, remote attacker to execute code with root privileges or launch a denial-of-service (DoS) attack. Affected products include: IP Phone 7811, 7821, 7841, and 7861 Desktop Phones; IP Phone 8811, 8841, 8845, 8861, and 8865. Cisco also bumped up the severity of a previously-discovered vulnerability (CVE-2016-1421) to critical on Wednesday.
Source: https://threatpost.com/critical-cisco-ip-phone-rce-flaw/154864/