Published: 01/10/2013 Updated: 02/10/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grandstream gxv_device_firmware 1.0.4.38
grandstream gxv_device_firmware 1.0.4.37
grandstream gxv_device_firmware 1.0.4.34
grandstream gxv_device_firmware 1.0.4.27
grandstream gxv_device_firmware
grandstream gxv_device_firmware 1.0.4.39
grandstream gxv_device_firmware 1.0.4.16
grandstream gxv_device_firmware 1.0.4.7
grandstream gxv_device_firmware 1.0.3.9
grandstream gxv_device_firmware 1.0.2.3
grandstream gxv_device_firmware 1.0.4.42
grandstream gxv_device_firmware 1.0.4.11
grandstream gxv_device_firmware 1.0.4.6
grandstream gxv3651fhd -
grandstream gxv3662hd -
grandstream gxv3615wp_hd -
grandstream gxv3500 -
grandstream gxv3601 -
grandstream gxv3611hd\\/ll -
grandstream gxv3501 -
grandstream gxv3504 -
grandstream gxv3601hd\\/ll -
grandstream gxv3615w\\/p -

Grandstream Series IP cameras suffer from backdoor, cross site request forgery, and cross site scripting vulnerabilities ...

CWE-79 http://seclists.org/fulldisclosure/2013/Jun/84 http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf https://nvd.nist.gov https://packetstormsecurity.com/files/122004/Grandstream-Backdoor-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

CVE-2013-3962

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect