The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29349
http://www.securityfocus.com/bid/20346
http://secunia.com/advisories/22267
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0089.html