CVE-2013-3963

Published: 01/10/2013 Updated: 02/10/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote malicious users to hijack the authentication of unspecified victims for requests that add users.

Vulnerable Product

grandstream gxv_device_firmware

grandstream gxv_device_firmware 1.0.4.39

grandstream gxv_device_firmware 1.0.4.7

grandstream gxv_device_firmware 1.0.3.9

grandstream gxv_device_firmware 1.0.4.37

grandstream gxv_device_firmware 1.0.4.34

grandstream gxv_device_firmware 1.0.4.27

grandstream gxv_device_firmware 1.0.4.16

grandstream gxv_device_firmware 1.0.4.11

grandstream gxv_device_firmware 1.0.4.42

grandstream gxv_device_firmware 1.0.4.38

grandstream gxv_device_firmware 1.0.4.6

grandstream gxv_device_firmware 1.0.2.3

grandstream gxv3501 -

grandstream gxv3504 -

grandstream gxv3601 -

grandstream gxv3611hd/ll -

grandstream gxv3651fhd -

grandstream gxv3662hd -

grandstream gxv3615wp_hd -

grandstream gxv3500 -

grandstream gxv3601hd/ll -

grandstream gxv3615w/p -

Exploits

source: www.securityfocus.com/bid/60532/info Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized ...
Grandstream Series IP cameras suffer from backdoor, cross site request forgery, and cross site scripting vulnerabilities ...