Published: 11/12/2019 Updated: 19/12/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote malicious users to obtain access via a TELNET session.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grandstream gxv3501_firmware 1.0.4.11
grandstream gxv3504_firmware 1.0.4.11
grandstream gxv3601_firmware 1.0.4.11
grandstream gxv3601hd_firmware 1.0.4.11
grandstream gxv3601ll_firmware 1.0.4.11
grandstream gxv3611hd_firmware 1.0.4.11
grandstream gxv3611ll_firmware 1.0.4.11
grandstream gxv3615w_firmware 1.0.4.11
grandstream gxv3615p_firmware 1.0.4.11
grandstream gxv3651fhd_firmware 1.0.4.11
grandstream gxv3662hd_firmware 1.0.4.11
grandstream gxv3615wp_hd_firmware 1.0.4.11
grandstream gxv3500_firmware 1.0.4.11

Grandstream Series IP cameras suffer from backdoor, cross site request forgery, and cross site scripting vulnerabilities ...

CWE-798 https://www.youtube.com/watch?v=XkCBs4lenhI http://seclists.org/fulldisclosure/2013/Jun/84 https://nvd.nist.gov https://packetstormsecurity.com/files/122004/Grandstream-Backdoor-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-3542

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect