Vulnerabilites related to grandstream - gxv3615w
var-201912-1585
Vulnerability from variot
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. plural Grandstream The product firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream is an IP phone, network video surveillance solution vendor. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions. =============================================================================== GRANDSTREAM ==================================================================== ===============================================================================
1.Advisory Information Title: Grandstream Series Vulnerabilities Date Published: 12/06/2013 Date of last updated: 12/06/2013
2.Vulnerability Description The following vulnerability has been found in these devices: -CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443) -CVE-2013-3962. Cross Site Scripting(CWE-79) -CVE-2013-3963. -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. It\x92s possible others models are affected but they were not checked.
4.PoC 4.1.Backdoor in Telnet Protocol CVE-2013-3542, Backdoor in Telnet Protocol You should connect via telnet protocol to any camera affected (it's open by default). After all you should be introduce the magic string \x93 !#/ \x94 as Username and as Password. You will get the admin panel setting menu. If you type "help", the following commands are shown: ======================================================= help, quit, status, restart, restore, upgrade, tty_test ======================================================= @@@ restore (Reset settings to factory default)
The attacker can take the device control, so it's make this devices very vulnerables.
4.2.Cross Site Scripting (XSS) CVE-2013-3962, Cross Site Scripting non-persistent.
http://xx.xx.xx.xx/alert(123)
4.3.Cross Site Request Forgery (CSRF) CVE-2013-3963, CSRF via GET method. A malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. You should introduce the following URL to replicate the attack.
http://xx.xx.xx.xx/goform/usermanage?cmd=add&user.name=test3&user.password=test3&user.level=0
5.Credits -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\xe1s Ropero Castillo.
6.Report Timeline -2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. -2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. -2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-05
http://security.gentoo.org/
Severity: High Title: Wireshark: Multiple vulnerabilities Date: August 28, 2013 Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694 ID: 201308-05
Synopsis
Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service.
Background
Wireshark is a versatile network protocol analyzer.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/wireshark < 1.10.1 >= 1.10.1 *>= 1.8.9
Description
Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Wireshark 1.10 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1"
All Wireshark 1.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9"
References
[ 1 ] CVE-2012-0041 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041 [ 2 ] CVE-2012-0042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042 [ 3 ] CVE-2012-0043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043 [ 4 ] CVE-2012-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066 [ 5 ] CVE-2012-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067 [ 6 ] CVE-2012-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068 [ 7 ] CVE-2012-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548 [ 8 ] CVE-2012-4048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048 [ 9 ] CVE-2012-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049 [ 10 ] CVE-2012-4285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285 [ 11 ] CVE-2012-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286 [ 12 ] CVE-2012-4287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287 [ 13 ] CVE-2012-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288 [ 14 ] CVE-2012-4289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289 [ 15 ] CVE-2012-4290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290 [ 16 ] CVE-2012-4291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291 [ 17 ] CVE-2012-4292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292 [ 18 ] CVE-2012-4293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293 [ 19 ] CVE-2012-4294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294 [ 20 ] CVE-2012-4295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295 [ 21 ] CVE-2012-4296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296 [ 22 ] CVE-2012-4297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297 [ 23 ] CVE-2012-4298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298 [ 24 ] CVE-2013-3540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540 [ 25 ] CVE-2013-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541 [ 26 ] CVE-2013-3542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542 [ 27 ] CVE-2013-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555 [ 28 ] CVE-2013-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556 [ 29 ] CVE-2013-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557 [ 30 ] CVE-2013-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558 [ 31 ] CVE-2013-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559 [ 32 ] CVE-2013-4074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074 [ 33 ] CVE-2013-4075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075 [ 34 ] CVE-2013-4076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076 [ 35 ] CVE-2013-4077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077 [ 36 ] CVE-2013-4078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078 [ 37 ] CVE-2013-4079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079 [ 38 ] CVE-2013-4080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080 [ 39 ] CVE-2013-4081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081 [ 40 ] CVE-2013-4082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082 [ 41 ] CVE-2013-4083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083 [ 42 ] CVE-2013-4920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920 [ 43 ] CVE-2013-4921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921 [ 44 ] CVE-2013-4922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922 [ 45 ] CVE-2013-4923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923 [ 46 ] CVE-2013-4924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924 [ 47 ] CVE-2013-4925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925 [ 48 ] CVE-2013-4926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926 [ 49 ] CVE-2013-4927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927 [ 50 ] CVE-2013-4928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928 [ 51 ] CVE-2013-4929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929 [ 52 ] CVE-2013-4930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930 [ 53 ] CVE-2013-4931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931 [ 54 ] CVE-2013-4932 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932 [ 55 ] CVE-2013-4933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933 [ 56 ] CVE-2013-4934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934 [ 57 ] CVE-2013-4935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935 [ 58 ] CVE-2013-4936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv3501",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3504",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3601",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3601hd",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3601ll",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3611ll",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3615p",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3615w",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3651fhd",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3615wp hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3611hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3662hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3500",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3611 hd",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3501 gxv3504 ip video encoders",
"scope": "eq",
"trust": 0.6,
"vendor": "grandstream",
"version": "/"
},
{
"model": "gxv3500 ip video encoder/decoder",
"scope": null,
"trust": 0.6,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv series ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "grandstream",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:grandstream:gxv3501_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3504_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3601_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3601hd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3601ll_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3611ll_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3611_hd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3615p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3615w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3651fhd_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jon??s Ropero Castillo.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
}
],
"trust": 0.6
},
"cve": "CVE-2013-3542",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3542",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-08565",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3542",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3542",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3542",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-3542",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-261",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-3542",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. plural Grandstream The product firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream is an IP phone, network video surveillance solution vendor. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to multiple security-bypass vulnerabilities. \nAn attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions. ===============================================================================\nGRANDSTREAM\n====================================================================\n===============================================================================\n\n1.Advisory Information\nTitle: Grandstream Series Vulnerabilities\nDate Published: 12/06/2013\nDate of last updated: 12/06/2013\n\n2.Vulnerability Description\nThe following vulnerability has been found in these devices:\n-CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)\n-CVE-2013-3962. Cross Site Scripting(CWE-79)\n-CVE-2013-3963. \n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. \nIt\\x92s possible others models are affected but they were not checked. \n\n4.PoC\n4.1.Backdoor in Telnet Protocol\nCVE-2013-3542, Backdoor in Telnet Protocol\nYou should connect via telnet protocol to any camera affected (it\u0027s open by default). \nAfter all you should be introduce the magic string \\x93 !#/ \\x94 as Username and as Password. \nYou will get the admin panel setting menu. If you type \"help\", the following commands are shown:\n=======================================================\nhelp, quit, status, restart, restore, upgrade, tty_test\n=======================================================\n @@@ restore (Reset settings to factory default)\n\nThe attacker can take the device control, so it\u0027s make this devices very vulnerables. \n\n4.2.Cross Site Scripting (XSS)\nCVE-2013-3962, Cross Site Scripting non-persistent. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e\n_____________________________________________________________________________\n\n4.3.Cross Site Request Forgery (CSRF)\nCVE-2013-3963, CSRF via GET method. \nA malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. \nYou should introduce the following URL to replicate the attack. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0\n_____________________________________________________________________________\n\n5.Credits\n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\\xe1s Ropero Castillo. \n\n6.Report Timeline\n-2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. \n-2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. \n-2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201308-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Wireshark: Multiple vulnerabilities\n Date: August 28, 2013\n Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694\n ID: 201308-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Wireshark, allowing remote\nattackers to execute arbitrary code or cause Denial of Service. \n\nBackground\n==========\n\nWireshark is a versatile network protocol analyzer. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/wireshark \u003c 1.10.1 \u003e= 1.10.1\n *\u003e= 1.8.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Wireshark. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/wireshark-1.10.1\"\n\nAll Wireshark 1.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/wireshark-1.8.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0041\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041\n[ 2 ] CVE-2012-0042\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042\n[ 3 ] CVE-2012-0043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043\n[ 4 ] CVE-2012-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066\n[ 5 ] CVE-2012-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067\n[ 6 ] CVE-2012-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068\n[ 7 ] CVE-2012-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548\n[ 8 ] CVE-2012-4048\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048\n[ 9 ] CVE-2012-4049\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049\n[ 10 ] CVE-2012-4285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285\n[ 11 ] CVE-2012-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286\n[ 12 ] CVE-2012-4287\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287\n[ 13 ] CVE-2012-4288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288\n[ 14 ] CVE-2012-4289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289\n[ 15 ] CVE-2012-4290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290\n[ 16 ] CVE-2012-4291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291\n[ 17 ] CVE-2012-4292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292\n[ 18 ] CVE-2012-4293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293\n[ 19 ] CVE-2012-4294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294\n[ 20 ] CVE-2012-4295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295\n[ 21 ] CVE-2012-4296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296\n[ 22 ] CVE-2012-4297\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297\n[ 23 ] CVE-2012-4298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298\n[ 24 ] CVE-2013-3540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540\n[ 25 ] CVE-2013-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541\n[ 26 ] CVE-2013-3542\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542\n[ 27 ] CVE-2013-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555\n[ 28 ] CVE-2013-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556\n[ 29 ] CVE-2013-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557\n[ 30 ] CVE-2013-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558\n[ 31 ] CVE-2013-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559\n[ 32 ] CVE-2013-4074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074\n[ 33 ] CVE-2013-4075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075\n[ 34 ] CVE-2013-4076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076\n[ 35 ] CVE-2013-4077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077\n[ 36 ] CVE-2013-4078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078\n[ 37 ] CVE-2013-4079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079\n[ 38 ] CVE-2013-4080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080\n[ 39 ] CVE-2013-4081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081\n[ 40 ] CVE-2013-4082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082\n[ 41 ] CVE-2013-4083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083\n[ 42 ] CVE-2013-4920\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920\n[ 43 ] CVE-2013-4921\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921\n[ 44 ] CVE-2013-4922\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922\n[ 45 ] CVE-2013-4923\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923\n[ 46 ] CVE-2013-4924\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924\n[ 47 ] CVE-2013-4925\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925\n[ 48 ] CVE-2013-4926\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926\n[ 49 ] CVE-2013-4927\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927\n[ 50 ] CVE-2013-4928\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928\n[ 51 ] CVE-2013-4929\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929\n[ 52 ] CVE-2013-4930\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930\n[ 53 ] CVE-2013-4931\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931\n[ 54 ] CVE-2013-4932\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932\n[ 55 ] CVE-2013-4933\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933\n[ 56 ] CVE-2013-4934\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934\n[ 57 ] CVE-2013-4935\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935\n[ 58 ] CVE-2013-4936\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201308-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3542"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "BID",
"id": "60535"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3542",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "122004",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "53763",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261",
"trust": 0.6
},
{
"db": "BID",
"id": "60535",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-3542",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122983",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "BID",
"id": "60535"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"id": "VAR-201912-1585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
}
],
"trust": 1.25875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
}
]
},
"last_update_date": "2024-11-23T20:53:37.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2013/jun/84"
},
{
"trust": 1.7,
"url": "https://www.youtube.com/watch?v=xkcbs4lenhi"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3542"
},
{
"trust": 0.6,
"url": "http://www.secunia.com/advisories/53763/"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/122004/grandstream-backdoor-cross-site-request-forgery-cross-site-scripting.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/60535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3963"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4933"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4298"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4296"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0042"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4924"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4287"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0041"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4287"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4931"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4285"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4936"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4926"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4923"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4920"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4927"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4935"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4929"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4921"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4049"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201308-05.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0041"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4925"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4298"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4079"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "BID",
"id": "60535"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2019-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60535"
},
{
"date": "2019-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"date": "2013-06-13T06:12:41",
"db": "PACKETSTORM",
"id": "122004"
},
{
"date": "2013-08-29T02:49:21",
"db": "PACKETSTORM",
"id": "122983"
},
{
"date": "2013-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"date": "2019-12-11T19:15:11.407000",
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2019-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"date": "2013-08-30T00:13:00",
"db": "BID",
"id": "60535"
},
{
"date": "2019-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"date": "2019-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"date": "2024-11-21T01:53:51.560000",
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Grandstream Vulnerabilities related to the use of hard-coded credentials in product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
}
],
"trust": 0.6
}
}
cve-2013-3542
Vulnerability from cvelistv5
Published
2019-12-11 18:07
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 | x_refsource_MISC | |
| https://www.youtube.com/watch?v=XkCBs4lenhI | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T18:07:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2013/Jun/84",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"name": "https://www.youtube.com/watch?v=XkCBs4lenhI",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3542",
"datePublished": "2019-12-11T18:07:23",
"dateReserved": "2013-05-14T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-12-11 19:15
Modified
2024-11-21 01:53
Severity ?
Summary
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2013/Jun/84 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=XkCBs4lenhI | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Jun/84 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=XkCBs4lenhI | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| grandstream | gxv3501_firmware | 1.0.4.11 | |
| grandstream | gxv3501 | - | |
| grandstream | gxv3504_firmware | 1.0.4.11 | |
| grandstream | gxv3504 | - | |
| grandstream | gxv3601_firmware | 1.0.4.11 | |
| grandstream | gxv3601 | - | |
| grandstream | gxv3601hd_firmware | 1.0.4.11 | |
| grandstream | gxv3601hd | - | |
| grandstream | gxv3601ll_firmware | 1.0.4.11 | |
| grandstream | gxv3601ll | - | |
| grandstream | gxv3611hd_firmware | 1.0.4.11 | |
| grandstream | gxv3611hd | - | |
| grandstream | gxv3611ll_firmware | 1.0.4.11 | |
| grandstream | gxv3611ll | - | |
| grandstream | gxv3615w_firmware | 1.0.4.11 | |
| grandstream | gxv3615w | - | |
| grandstream | gxv3615p_firmware | 1.0.4.11 | |
| grandstream | gxv3615p | - | |
| grandstream | gxv3651fhd_firmware | 1.0.4.11 | |
| grandstream | gxv3651fhd | - | |
| grandstream | gxv3662hd_firmware | 1.0.4.11 | |
| grandstream | gxv3662hd | - | |
| grandstream | gxv3615wp_hd_firmware | 1.0.4.11 | |
| grandstream | gxv3615wp_hd | - | |
| grandstream | gxv3500_firmware | 1.0.4.11 | |
| grandstream | gxv3500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3501_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "003992B4-CBB3-4068-99B9-332C8C02D9DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1550A087-E35E-44EE-A19F-C69EB173E49B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3504_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AB073E38-CE09-49B3-B1DE-BDB47D49830E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83A4BA5B-1996-4527-960C-492FD9400003",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3601_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "06EBA688-CDC6-44E1-BD51-BEDC559BF6CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5CAAD0-A565-4B3A-B022-BD0130914383",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3601hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCAE847-568D-49A7-84E7-EDCE66ACFC1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3601hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1470A11D-EB95-4883-8171-EAE36C90AE7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3601ll_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "067898A0-4B0D-4629-AC34-4646D254605E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3601ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8F3CB1-0035-4C8E-BC26-74EA3995E569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3611hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "17952D05-7237-449E-9542-DB42D0FB1555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3611hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0404DA-E080-4ED0-8E16-AFBB56371A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3611ll_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4B2E61-D43A-48D3-A8E7-4511179220B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3611ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E37B4EB-C827-4FC7-9265-218A4FEA1265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3615w_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252875A3-9F2C-41E8-A9A6-C500A7AC6F6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3615w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D608AA-0206-4D4E-8A71-8716F31F1462",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3615p_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "60229012-748E-4799-85F4-262C7F64931A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3615p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD2B49D-4BDC-44E1-96D5-48D44B4DE956",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3651fhd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82E63F97-75A1-4ABC-A291-A497B02EA14D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00BE6AEB-930F-471F-9DF8-1B8148557ACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3662hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B418CC4-43CC-40FF-B2AF-CAEDD391A542",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36362F8F-92D6-4475-AADB-6D02971E1025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3615wp_hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "692E680C-DCAA-4432-8F6D-AE7A97E90B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C79390F8-EC97-4922-81C9-184B630E8AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3500_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D22A683-C1BB-4F7E-969A-7CF45BA2D7C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAEBA7D-656D-4520-94CE-370A5712A380",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
},
{
"lang": "es",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de c\u00e1mara con versi\u00f3n de firmware 1.0.4.11, poseen una cuenta embebida \"!#/\" con la misma contrase\u00f1a, lo que facilita a atacantes remotos obtener acceso por medio de una sesi\u00f3n TELNET."
}
],
"id": "CVE-2013-3542",
"lastModified": "2024-11-21T01:53:51.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T19:15:11.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}