Vulnerabilites related to grandstream - gxv3662hd
Vulnerability from fkie_nvd
Published
2013-10-01 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| grandstream | gxv_device_firmware | * | |
| grandstream | gxv_device_firmware | 1.0.2.3 | |
| grandstream | gxv_device_firmware | 1.0.3.9 | |
| grandstream | gxv_device_firmware | 1.0.4.6 | |
| grandstream | gxv_device_firmware | 1.0.4.7 | |
| grandstream | gxv_device_firmware | 1.0.4.11 | |
| grandstream | gxv_device_firmware | 1.0.4.16 | |
| grandstream | gxv_device_firmware | 1.0.4.27 | |
| grandstream | gxv_device_firmware | 1.0.4.34 | |
| grandstream | gxv_device_firmware | 1.0.4.37 | |
| grandstream | gxv_device_firmware | 1.0.4.38 | |
| grandstream | gxv_device_firmware | 1.0.4.39 | |
| grandstream | gxv_device_firmware | 1.0.4.42 | |
| grandstream | gxv3500 | - | |
| grandstream | gxv3501 | - | |
| grandstream | gxv3504 | - | |
| grandstream | gxv3601 | - | |
| grandstream | gxv3601hd\/ll | - | |
| grandstream | gxv3611hd\/ll | - | |
| grandstream | gxv3615w\/p | - | |
| grandstream | gxv3615wp_hd | - | |
| grandstream | gxv3651fhd | - | |
| grandstream | gxv3662hd | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F7233B-3C46-47AA-8FD2-5972F04C15AF",
"versionEndIncluding": "1.0.4.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "612208E1-B2B0-4E4F-921A-4368F805515E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86535E57-635F-4AD8-AE00-FD5D00E3684A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90713ED3-8DD4-488C-A901-47D636A7A21E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC85FD-7293-4187-910F-9E010841EBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEF0F10-D63E-4931-882C-CBA6BBE33F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D02E4C11-DD10-4F22-B5E7-0A490D9D4760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "1338E5F7-4EE3-4244-8E1F-2ABA50054DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D7074F-CC2B-4EED-98EA-4C895EC5EA9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "FA71D8D0-6A8E-475A-9E0E-845CBA2B7D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4DC610-777B-4F3B-8B92-5D7771CD8BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "F76307FE-851E-44CE-9248-5F5CE7ECB2F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D58580-E3E1-485C-A560-93E77F3F196C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAEBA7D-656D-4520-94CE-370A5712A380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1550A087-E35E-44EE-A19F-C69EB173E49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83A4BA5B-1996-4527-960C-492FD9400003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5CAAD0-A565-4B3A-B022-BD0130914383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3601hd\\/ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73DB8462-2203-41F2-8C31-FD074240DC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3611hd\\/ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C4FE33-DBB7-44A9-BFC4-11A47667533C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3615w\\/p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3ECC3C-43BD-4ABC-B2D7-45982BE4B929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C79390F8-EC97-4922-81C9-184B630E8AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00BE6AEB-930F-471F-9DF8-1B8148557ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36362F8F-92D6-4475-AADB-6D02971E1025",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en goform/usermanage en Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de c\u00e1mara permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar para peticiones que incluyan usuarios."
}
],
"id": "CVE-2013-3963",
"lastModified": "2024-11-21T01:54:38.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-01T19:55:09.443",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-11 19:15
Modified
2024-11-21 01:53
Severity ?
Summary
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2013/Jun/84 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=XkCBs4lenhI | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Jun/84 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=XkCBs4lenhI | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| grandstream | gxv3501_firmware | 1.0.4.11 | |
| grandstream | gxv3501 | - | |
| grandstream | gxv3504_firmware | 1.0.4.11 | |
| grandstream | gxv3504 | - | |
| grandstream | gxv3601_firmware | 1.0.4.11 | |
| grandstream | gxv3601 | - | |
| grandstream | gxv3601hd_firmware | 1.0.4.11 | |
| grandstream | gxv3601hd | - | |
| grandstream | gxv3601ll_firmware | 1.0.4.11 | |
| grandstream | gxv3601ll | - | |
| grandstream | gxv3611hd_firmware | 1.0.4.11 | |
| grandstream | gxv3611hd | - | |
| grandstream | gxv3611ll_firmware | 1.0.4.11 | |
| grandstream | gxv3611ll | - | |
| grandstream | gxv3615w_firmware | 1.0.4.11 | |
| grandstream | gxv3615w | - | |
| grandstream | gxv3615p_firmware | 1.0.4.11 | |
| grandstream | gxv3615p | - | |
| grandstream | gxv3651fhd_firmware | 1.0.4.11 | |
| grandstream | gxv3651fhd | - | |
| grandstream | gxv3662hd_firmware | 1.0.4.11 | |
| grandstream | gxv3662hd | - | |
| grandstream | gxv3615wp_hd_firmware | 1.0.4.11 | |
| grandstream | gxv3615wp_hd | - | |
| grandstream | gxv3500_firmware | 1.0.4.11 | |
| grandstream | gxv3500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3501_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "003992B4-CBB3-4068-99B9-332C8C02D9DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1550A087-E35E-44EE-A19F-C69EB173E49B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3504_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AB073E38-CE09-49B3-B1DE-BDB47D49830E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83A4BA5B-1996-4527-960C-492FD9400003",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3601_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "06EBA688-CDC6-44E1-BD51-BEDC559BF6CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5CAAD0-A565-4B3A-B022-BD0130914383",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3601hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCAE847-568D-49A7-84E7-EDCE66ACFC1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3601hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1470A11D-EB95-4883-8171-EAE36C90AE7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3601ll_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "067898A0-4B0D-4629-AC34-4646D254605E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3601ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8F3CB1-0035-4C8E-BC26-74EA3995E569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3611hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "17952D05-7237-449E-9542-DB42D0FB1555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3611hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0404DA-E080-4ED0-8E16-AFBB56371A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3611ll_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4B2E61-D43A-48D3-A8E7-4511179220B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3611ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E37B4EB-C827-4FC7-9265-218A4FEA1265",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3615w_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252875A3-9F2C-41E8-A9A6-C500A7AC6F6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3615w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D608AA-0206-4D4E-8A71-8716F31F1462",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3615p_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "60229012-748E-4799-85F4-262C7F64931A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3615p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD2B49D-4BDC-44E1-96D5-48D44B4DE956",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3651fhd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82E63F97-75A1-4ABC-A291-A497B02EA14D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00BE6AEB-930F-471F-9DF8-1B8148557ACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3662hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B418CC4-43CC-40FF-B2AF-CAEDD391A542",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36362F8F-92D6-4475-AADB-6D02971E1025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3615wp_hd_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "692E680C-DCAA-4432-8F6D-AE7A97E90B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C79390F8-EC97-4922-81C9-184B630E8AB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv3500_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D22A683-C1BB-4F7E-969A-7CF45BA2D7C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAEBA7D-656D-4520-94CE-370A5712A380",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
},
{
"lang": "es",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de c\u00e1mara con versi\u00f3n de firmware 1.0.4.11, poseen una cuenta embebida \"!#/\" con la misma contrase\u00f1a, lo que facilita a atacantes remotos obtener acceso por medio de una sesi\u00f3n TELNET."
}
],
"id": "CVE-2013-3542",
"lastModified": "2024-11-21T01:53:51.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T19:15:11.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-01 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| grandstream | gxv_device_firmware | * | |
| grandstream | gxv_device_firmware | 1.0.2.3 | |
| grandstream | gxv_device_firmware | 1.0.3.9 | |
| grandstream | gxv_device_firmware | 1.0.4.6 | |
| grandstream | gxv_device_firmware | 1.0.4.7 | |
| grandstream | gxv_device_firmware | 1.0.4.11 | |
| grandstream | gxv_device_firmware | 1.0.4.16 | |
| grandstream | gxv_device_firmware | 1.0.4.27 | |
| grandstream | gxv_device_firmware | 1.0.4.34 | |
| grandstream | gxv_device_firmware | 1.0.4.37 | |
| grandstream | gxv_device_firmware | 1.0.4.38 | |
| grandstream | gxv_device_firmware | 1.0.4.39 | |
| grandstream | gxv_device_firmware | 1.0.4.42 | |
| grandstream | gxv3500 | - | |
| grandstream | gxv3501 | - | |
| grandstream | gxv3504 | - | |
| grandstream | gxv3601 | - | |
| grandstream | gxv3601hd\/ll | - | |
| grandstream | gxv3611hd\/ll | - | |
| grandstream | gxv3615w\/p | - | |
| grandstream | gxv3615wp_hd | - | |
| grandstream | gxv3651fhd | - | |
| grandstream | gxv3662hd | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F7233B-3C46-47AA-8FD2-5972F04C15AF",
"versionEndIncluding": "1.0.4.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "612208E1-B2B0-4E4F-921A-4368F805515E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86535E57-635F-4AD8-AE00-FD5D00E3684A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "90713ED3-8DD4-488C-A901-47D636A7A21E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC85FD-7293-4187-910F-9E010841EBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEF0F10-D63E-4931-882C-CBA6BBE33F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D02E4C11-DD10-4F22-B5E7-0A490D9D4760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "1338E5F7-4EE3-4244-8E1F-2ABA50054DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D7074F-CC2B-4EED-98EA-4C895EC5EA9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "FA71D8D0-6A8E-475A-9E0E-845CBA2B7D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4DC610-777B-4F3B-8B92-5D7771CD8BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39:*:*:*:*:*:*:*",
"matchCriteriaId": "F76307FE-851E-44CE-9248-5F5CE7ECB2F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D58580-E3E1-485C-A560-93E77F3F196C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAEBA7D-656D-4520-94CE-370A5712A380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1550A087-E35E-44EE-A19F-C69EB173E49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83A4BA5B-1996-4527-960C-492FD9400003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5CAAD0-A565-4B3A-B022-BD0130914383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3601hd\\/ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73DB8462-2203-41F2-8C31-FD074240DC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3611hd\\/ll:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C4FE33-DBB7-44A9-BFC4-11A47667533C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3615w\\/p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3ECC3C-43BD-4ABC-B2D7-45982BE4B929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C79390F8-EC97-4922-81C9-184B630E8AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00BE6AEB-930F-471F-9DF8-1B8148557ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36362F8F-92D6-4475-AADB-6D02971E1025",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de c\u00e1mara anteriores al firmware 1.0.4.44, permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de PATH_INFO."
}
],
"id": "CVE-2013-3962",
"lastModified": "2024-11-21T01:54:37.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-01T19:55:09.427",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "cve@mitre.org",
"url": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-3963
Vulnerability from cvelistv5
Published
2013-10-01 19:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-01T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3963",
"datePublished": "2013-10-01T19:00:00Z",
"dateReserved": "2013-06-06T00:00:00Z",
"dateUpdated": "2024-09-16T17:18:50.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3542
Vulnerability from cvelistv5
Published
2019-12-11 18:07
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 | x_refsource_MISC | |
| https://www.youtube.com/watch?v=XkCBs4lenhI | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T18:07:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2013/Jun/84",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"name": "https://www.youtube.com/watch?v=XkCBs4lenhI",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3542",
"datePublished": "2019-12-11T18:07:23",
"dateReserved": "2013-05-14T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3962
Vulnerability from cvelistv5
Published
2013-10-01 19:00
Modified
2024-09-17 00:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2013/Jun/84 | mailing-list, x_refsource_FULLDISC | |
| http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-01T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"name": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf",
"refsource": "CONFIRM",
"url": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3962",
"datePublished": "2013-10-01T19:00:00Z",
"dateReserved": "2013-06-06T00:00:00Z",
"dateUpdated": "2024-09-17T00:40:40.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201310-0248
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users. The telnet service in multiple Grandstream products uses a built-in account that allows remote attackers to use this account to gain unauthorized access to factory reset or upgrade firmware. Grandstream is an IP phone, network video surveillance solution vendor. There are cross-site request forgery vulnerabilities in multiple products of the Grandstream WEB interface, allowing attackers to build malicious URIs, enticing login users to resolve, and performing malicious operations in the target user context, such as adding new users. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Grandstream GXV3501 and others are network camera products of American Grandstream Networks (Grandstream) company. =============================================================================== GRANDSTREAM ==================================================================== ===============================================================================
1.Advisory Information Title: Grandstream Series Vulnerabilities Date Published: 12/06/2013 Date of last updated: 12/06/2013
2.Vulnerability Description The following vulnerability has been found in these devices: -CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443) -CVE-2013-3962. Cross Site Scripting(CWE-79) -CVE-2013-3963. -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. It\x92s possible others models are affected but they were not checked.
4.PoC 4.1.Backdoor in Telnet Protocol CVE-2013-3542, Backdoor in Telnet Protocol You should connect via telnet protocol to any camera affected (it's open by default). After all you should be introduce the magic string \x93 !#/ \x94 as Username and as Password. You will get the admin panel setting menu. If you type "help", the following commands are shown: ======================================================= help, quit, status, restart, restore, upgrade, tty_test ======================================================= @@@ restore (Reset settings to factory default)
The attacker can take the device control, so it's make this devices very vulnerables.
4.2.Cross Site Scripting (XSS) CVE-2013-3962, Cross Site Scripting non-persistent.
http://xx.xx.xx.xx/alert(123)
4.3.Cross Site Request Forgery (CSRF) CVE-2013-3963, CSRF via GET method. A malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. You should introduce the following URL to replicate the attack.
http://xx.xx.xx.xx/goform/usermanage?cmd=add&user.name=test3&user.password=test3&user.level=0
5.Credits -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\xe1s Ropero Castillo.
6.Report Timeline -2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. -2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. -2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.16"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.3.9"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.37"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.27"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.7"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.38"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.6"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.34"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.2.3"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3501 gxv3504 ip video encoders",
"scope": "eq",
"trust": 1.2,
"vendor": "grandstream",
"version": "/"
},
{
"model": "gxv3500 ip video encoder/decoder",
"scope": null,
"trust": 1.2,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv series ip cameras",
"scope": null,
"trust": 1.2,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv device",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.43"
},
{
"model": "gxv3651fhd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3501",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611hd\\/ll",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.42"
},
{
"model": "gxv3615wp hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615w\\/p",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3662hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3500",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3504",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.39"
},
{
"model": "gxv3601",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601hd\\/ll",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv",
"scope": "lte",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.43"
},
{
"model": "gxv3500",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3501",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3504",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601hd/ll",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611hd/ll",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615w/p",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615wp hd",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3651fhd",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3662hd",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3662hd",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3651fhd",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3615wp hd",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3615w/p",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3611hd/ll",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3601hd/ll",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3601",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3504",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3501",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3500",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "BID",
"id": "60532"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:grandstream:gxv_device_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3501",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3504",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3601",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3601hd%2fll",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3611hd%2fll",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3615w%2fp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3615wp_hd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3651fhd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3662hd",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JonAis Ropero Castillo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
}
],
"trust": 0.6
},
"cve": "CVE-2013-3963",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-3963",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-08565",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2013-08564",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63965",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3963",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3963",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-08564",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-258",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63965",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "VULHUB",
"id": "VHN-63965"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users. The telnet service in multiple Grandstream products uses a built-in account that allows remote attackers to use this account to gain unauthorized access to factory reset or upgrade firmware. Grandstream is an IP phone, network video surveillance solution vendor. There are cross-site request forgery vulnerabilities in multiple products of the Grandstream WEB interface, allowing attackers to build malicious URIs, enticing login users to resolve, and performing malicious operations in the target user context, such as adding new users. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Grandstream GXV3501 and others are network camera products of American Grandstream Networks (Grandstream) company. ===============================================================================\nGRANDSTREAM\n====================================================================\n===============================================================================\n\n1.Advisory Information\nTitle: Grandstream Series Vulnerabilities\nDate Published: 12/06/2013\nDate of last updated: 12/06/2013\n\n2.Vulnerability Description\nThe following vulnerability has been found in these devices:\n-CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)\n-CVE-2013-3962. Cross Site Scripting(CWE-79)\n-CVE-2013-3963. \n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. \nIt\\x92s possible others models are affected but they were not checked. \n\n4.PoC\n4.1.Backdoor in Telnet Protocol\nCVE-2013-3542, Backdoor in Telnet Protocol\nYou should connect via telnet protocol to any camera affected (it\u0027s open by default). \nAfter all you should be introduce the magic string \\x93 !#/ \\x94 as Username and as Password. \nYou will get the admin panel setting menu. If you type \"help\", the following commands are shown:\n=======================================================\nhelp, quit, status, restart, restore, upgrade, tty_test\n=======================================================\n @@@ restore (Reset settings to factory default)\n\nThe attacker can take the device control, so it\u0027s make this devices very vulnerables. \n\n4.2.Cross Site Scripting (XSS)\nCVE-2013-3962, Cross Site Scripting non-persistent. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e\n_____________________________________________________________________________\n\n4.3.Cross Site Request Forgery (CSRF)\nCVE-2013-3963, CSRF via GET method. \nA malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. \nYou should introduce the following URL to replicate the attack. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0\n_____________________________________________________________________________\n\n5.Credits\n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\\xe1s Ropero Castillo. \n\n6.Report Timeline\n-2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. \n-2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. \n-2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3963"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "BID",
"id": "60532"
},
{
"db": "VULHUB",
"id": "VHN-63965"
},
{
"db": "PACKETSTORM",
"id": "122004"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63965",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63965"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3963",
"trust": 3.5
},
{
"db": "BID",
"id": "60532",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "122004",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "53763",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-258",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-08564",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "38584",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63965",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "VULHUB",
"id": "VHN-63965"
},
{
"db": "BID",
"id": "60532"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"id": "VAR-201310-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "VULHUB",
"id": "VHN-63965"
}
],
"trust": 1.9419642857142856
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
}
]
},
"last_update_date": "2024-11-23T19:42:20.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63965"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://seclists.org/fulldisclosure/2013/jun/84"
},
{
"trust": 1.2,
"url": "http://www.secunia.com/advisories/53763/"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/122004/grandstream-backdoor-cross-site-request-forgery-cross-site-scripting.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3963"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3963"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60532"
},
{
"trust": 0.3,
"url": "http://www.grandstream.com/index.php/products/ip-video-surveillance"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3542"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3962"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "VULHUB",
"id": "VHN-63965"
},
{
"db": "BID",
"id": "60532"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"db": "VULHUB",
"id": "VHN-63965"
},
{
"db": "BID",
"id": "60532"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2013-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"date": "2013-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-63965"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60532"
},
{
"date": "2013-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"date": "2013-06-13T06:12:41",
"db": "PACKETSTORM",
"id": "122004"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"date": "2013-10-01T19:55:09.443000",
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2013-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08564"
},
{
"date": "2013-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-63965"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60532"
},
{
"date": "2013-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004459"
},
{
"date": "2013-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-258"
},
{
"date": "2024-11-21T01:54:38.043000",
"db": "NVD",
"id": "CVE-2013-3963"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Grandstream Product goform/usermanage Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004459"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-258"
}
],
"trust": 0.6
}
}
var-201912-1585
Vulnerability from variot
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. plural Grandstream The product firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream is an IP phone, network video surveillance solution vendor. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions. =============================================================================== GRANDSTREAM ==================================================================== ===============================================================================
1.Advisory Information Title: Grandstream Series Vulnerabilities Date Published: 12/06/2013 Date of last updated: 12/06/2013
2.Vulnerability Description The following vulnerability has been found in these devices: -CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443) -CVE-2013-3962. Cross Site Scripting(CWE-79) -CVE-2013-3963. -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. It\x92s possible others models are affected but they were not checked.
4.PoC 4.1.Backdoor in Telnet Protocol CVE-2013-3542, Backdoor in Telnet Protocol You should connect via telnet protocol to any camera affected (it's open by default). After all you should be introduce the magic string \x93 !#/ \x94 as Username and as Password. You will get the admin panel setting menu. If you type "help", the following commands are shown: ======================================================= help, quit, status, restart, restore, upgrade, tty_test ======================================================= @@@ restore (Reset settings to factory default)
The attacker can take the device control, so it's make this devices very vulnerables.
4.2.Cross Site Scripting (XSS) CVE-2013-3962, Cross Site Scripting non-persistent.
http://xx.xx.xx.xx/alert(123)
4.3.Cross Site Request Forgery (CSRF) CVE-2013-3963, CSRF via GET method. A malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. You should introduce the following URL to replicate the attack.
http://xx.xx.xx.xx/goform/usermanage?cmd=add&user.name=test3&user.password=test3&user.level=0
5.Credits -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\xe1s Ropero Castillo.
6.Report Timeline -2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. -2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. -2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-05
http://security.gentoo.org/
Severity: High Title: Wireshark: Multiple vulnerabilities Date: August 28, 2013 Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694 ID: 201308-05
Synopsis
Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service.
Background
Wireshark is a versatile network protocol analyzer.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/wireshark < 1.10.1 >= 1.10.1 *>= 1.8.9
Description
Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Wireshark 1.10 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1"
All Wireshark 1.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9"
References
[ 1 ] CVE-2012-0041 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041 [ 2 ] CVE-2012-0042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042 [ 3 ] CVE-2012-0043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043 [ 4 ] CVE-2012-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066 [ 5 ] CVE-2012-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067 [ 6 ] CVE-2012-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068 [ 7 ] CVE-2012-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548 [ 8 ] CVE-2012-4048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048 [ 9 ] CVE-2012-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049 [ 10 ] CVE-2012-4285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285 [ 11 ] CVE-2012-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286 [ 12 ] CVE-2012-4287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287 [ 13 ] CVE-2012-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288 [ 14 ] CVE-2012-4289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289 [ 15 ] CVE-2012-4290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290 [ 16 ] CVE-2012-4291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291 [ 17 ] CVE-2012-4292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292 [ 18 ] CVE-2012-4293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293 [ 19 ] CVE-2012-4294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294 [ 20 ] CVE-2012-4295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295 [ 21 ] CVE-2012-4296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296 [ 22 ] CVE-2012-4297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297 [ 23 ] CVE-2012-4298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298 [ 24 ] CVE-2013-3540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540 [ 25 ] CVE-2013-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541 [ 26 ] CVE-2013-3542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542 [ 27 ] CVE-2013-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555 [ 28 ] CVE-2013-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556 [ 29 ] CVE-2013-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557 [ 30 ] CVE-2013-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558 [ 31 ] CVE-2013-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559 [ 32 ] CVE-2013-4074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074 [ 33 ] CVE-2013-4075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075 [ 34 ] CVE-2013-4076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076 [ 35 ] CVE-2013-4077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077 [ 36 ] CVE-2013-4078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078 [ 37 ] CVE-2013-4079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079 [ 38 ] CVE-2013-4080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080 [ 39 ] CVE-2013-4081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081 [ 40 ] CVE-2013-4082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082 [ 41 ] CVE-2013-4083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083 [ 42 ] CVE-2013-4920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920 [ 43 ] CVE-2013-4921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921 [ 44 ] CVE-2013-4922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922 [ 45 ] CVE-2013-4923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923 [ 46 ] CVE-2013-4924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924 [ 47 ] CVE-2013-4925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925 [ 48 ] CVE-2013-4926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926 [ 49 ] CVE-2013-4927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927 [ 50 ] CVE-2013-4928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928 [ 51 ] CVE-2013-4929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929 [ 52 ] CVE-2013-4930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930 [ 53 ] CVE-2013-4931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931 [ 54 ] CVE-2013-4932 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932 [ 55 ] CVE-2013-4933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933 [ 56 ] CVE-2013-4934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934 [ 57 ] CVE-2013-4935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935 [ 58 ] CVE-2013-4936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv3501",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3504",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3601",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3601hd",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3601ll",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3611ll",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3615p",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3615w",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3651fhd",
"scope": "eq",
"trust": 1.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3615wp hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3611hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3662hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3500",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3611 hd",
"scope": "eq",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3501 gxv3504 ip video encoders",
"scope": "eq",
"trust": 0.6,
"vendor": "grandstream",
"version": "/"
},
{
"model": "gxv3500 ip video encoder/decoder",
"scope": null,
"trust": 0.6,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv series ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "grandstream",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:grandstream:gxv3501_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3504_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3601_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3601hd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3601ll_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3611ll_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3611_hd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3615p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3615w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3651fhd_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jon??s Ropero Castillo.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
}
],
"trust": 0.6
},
"cve": "CVE-2013-3542",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3542",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-08565",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3542",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3542",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3542",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-3542",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-261",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-3542",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. plural Grandstream The product firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Grandstream is an IP phone, network video surveillance solution vendor. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to multiple security-bypass vulnerabilities. \nAn attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions. ===============================================================================\nGRANDSTREAM\n====================================================================\n===============================================================================\n\n1.Advisory Information\nTitle: Grandstream Series Vulnerabilities\nDate Published: 12/06/2013\nDate of last updated: 12/06/2013\n\n2.Vulnerability Description\nThe following vulnerability has been found in these devices:\n-CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)\n-CVE-2013-3962. Cross Site Scripting(CWE-79)\n-CVE-2013-3963. \n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. \nIt\\x92s possible others models are affected but they were not checked. \n\n4.PoC\n4.1.Backdoor in Telnet Protocol\nCVE-2013-3542, Backdoor in Telnet Protocol\nYou should connect via telnet protocol to any camera affected (it\u0027s open by default). \nAfter all you should be introduce the magic string \\x93 !#/ \\x94 as Username and as Password. \nYou will get the admin panel setting menu. If you type \"help\", the following commands are shown:\n=======================================================\nhelp, quit, status, restart, restore, upgrade, tty_test\n=======================================================\n @@@ restore (Reset settings to factory default)\n\nThe attacker can take the device control, so it\u0027s make this devices very vulnerables. \n\n4.2.Cross Site Scripting (XSS)\nCVE-2013-3962, Cross Site Scripting non-persistent. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e\n_____________________________________________________________________________\n\n4.3.Cross Site Request Forgery (CSRF)\nCVE-2013-3963, CSRF via GET method. \nA malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. \nYou should introduce the following URL to replicate the attack. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0\n_____________________________________________________________________________\n\n5.Credits\n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\\xe1s Ropero Castillo. \n\n6.Report Timeline\n-2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. \n-2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. \n-2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201308-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Wireshark: Multiple vulnerabilities\n Date: August 28, 2013\n Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694\n ID: 201308-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Wireshark, allowing remote\nattackers to execute arbitrary code or cause Denial of Service. \n\nBackground\n==========\n\nWireshark is a versatile network protocol analyzer. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/wireshark \u003c 1.10.1 \u003e= 1.10.1\n *\u003e= 1.8.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Wireshark. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Wireshark 1.10 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/wireshark-1.10.1\"\n\nAll Wireshark 1.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/wireshark-1.8.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0041\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041\n[ 2 ] CVE-2012-0042\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042\n[ 3 ] CVE-2012-0043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043\n[ 4 ] CVE-2012-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066\n[ 5 ] CVE-2012-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067\n[ 6 ] CVE-2012-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068\n[ 7 ] CVE-2012-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548\n[ 8 ] CVE-2012-4048\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048\n[ 9 ] CVE-2012-4049\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049\n[ 10 ] CVE-2012-4285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285\n[ 11 ] CVE-2012-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286\n[ 12 ] CVE-2012-4287\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287\n[ 13 ] CVE-2012-4288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288\n[ 14 ] CVE-2012-4289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289\n[ 15 ] CVE-2012-4290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290\n[ 16 ] CVE-2012-4291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291\n[ 17 ] CVE-2012-4292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292\n[ 18 ] CVE-2012-4293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293\n[ 19 ] CVE-2012-4294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294\n[ 20 ] CVE-2012-4295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295\n[ 21 ] CVE-2012-4296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296\n[ 22 ] CVE-2012-4297\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297\n[ 23 ] CVE-2012-4298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298\n[ 24 ] CVE-2013-3540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540\n[ 25 ] CVE-2013-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541\n[ 26 ] CVE-2013-3542\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542\n[ 27 ] CVE-2013-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555\n[ 28 ] CVE-2013-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556\n[ 29 ] CVE-2013-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557\n[ 30 ] CVE-2013-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558\n[ 31 ] CVE-2013-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559\n[ 32 ] CVE-2013-4074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074\n[ 33 ] CVE-2013-4075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075\n[ 34 ] CVE-2013-4076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076\n[ 35 ] CVE-2013-4077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077\n[ 36 ] CVE-2013-4078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078\n[ 37 ] CVE-2013-4079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079\n[ 38 ] CVE-2013-4080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080\n[ 39 ] CVE-2013-4081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081\n[ 40 ] CVE-2013-4082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082\n[ 41 ] CVE-2013-4083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083\n[ 42 ] CVE-2013-4920\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920\n[ 43 ] CVE-2013-4921\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921\n[ 44 ] CVE-2013-4922\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922\n[ 45 ] CVE-2013-4923\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923\n[ 46 ] CVE-2013-4924\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924\n[ 47 ] CVE-2013-4925\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925\n[ 48 ] CVE-2013-4926\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926\n[ 49 ] CVE-2013-4927\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927\n[ 50 ] CVE-2013-4928\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928\n[ 51 ] CVE-2013-4929\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929\n[ 52 ] CVE-2013-4930\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930\n[ 53 ] CVE-2013-4931\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931\n[ 54 ] CVE-2013-4932\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932\n[ 55 ] CVE-2013-4933\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933\n[ 56 ] CVE-2013-4934\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934\n[ 57 ] CVE-2013-4935\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935\n[ 58 ] CVE-2013-4936\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201308-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3542"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "BID",
"id": "60535"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3542",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "122004",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "53763",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261",
"trust": 0.6
},
{
"db": "BID",
"id": "60535",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-3542",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122983",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "BID",
"id": "60535"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"id": "VAR-201912-1585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
}
],
"trust": 1.25875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
}
]
},
"last_update_date": "2024-11-23T20:53:37.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.grandstream.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2013/jun/84"
},
{
"trust": 1.7,
"url": "https://www.youtube.com/watch?v=xkcbs4lenhi"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3542"
},
{
"trust": 0.6,
"url": "http://www.secunia.com/advisories/53763/"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/122004/grandstream-backdoor-cross-site-request-forgery-cross-site-scripting.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/60535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3963"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4933"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4298"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4296"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0042"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4924"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4287"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0041"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4287"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4931"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4285"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4936"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4926"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4923"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4920"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4927"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4935"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4048"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4929"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4921"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4049"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201308-05.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0041"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4925"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4298"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4079"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"db": "BID",
"id": "60535"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2019-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60535"
},
{
"date": "2019-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"date": "2013-06-13T06:12:41",
"db": "PACKETSTORM",
"id": "122004"
},
{
"date": "2013-08-29T02:49:21",
"db": "PACKETSTORM",
"id": "122983"
},
{
"date": "2013-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"date": "2019-12-11T19:15:11.407000",
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2019-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3542"
},
{
"date": "2013-08-30T00:13:00",
"db": "BID",
"id": "60535"
},
{
"date": "2019-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007004"
},
{
"date": "2019-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-261"
},
{
"date": "2024-11-21T01:53:51.560000",
"db": "NVD",
"id": "CVE-2013-3542"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "122983"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Grandstream Vulnerabilities related to the use of hard-coded credentials in product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-261"
}
],
"trust": 0.6
}
}
var-201310-0247
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Unknown cross-site scripting vulnerabilities existed in multiple IP Cameras from Grandstream. Grandstream is an IP phone, network video surveillance solution vendor. The telnet service in multiple Grandstream products uses a built-in account that allows remote attackers to use this account to gain unauthorized access to factory reset or upgrade firmware. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Grandstream GXV3501 and others are network camera products of American Grandstream Networks (Grandstream) company. =============================================================================== GRANDSTREAM ==================================================================== ===============================================================================
1.Advisory Information Title: Grandstream Series Vulnerabilities Date Published: 12/06/2013 Date of last updated: 12/06/2013
2.Vulnerability Description The following vulnerability has been found in these devices: -CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443) -CVE-2013-3962. Cross Site Scripting(CWE-79) -CVE-2013-3963. -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. It\x92s possible others models are affected but they were not checked.
4.PoC 4.1.Backdoor in Telnet Protocol CVE-2013-3542, Backdoor in Telnet Protocol You should connect via telnet protocol to any camera affected (it's open by default). After all you should be introduce the magic string \x93 !#/ \x94 as Username and as Password. You will get the admin panel setting menu. If you type "help", the following commands are shown: ======================================================= help, quit, status, restart, restore, upgrade, tty_test ======================================================= @@@ restore (Reset settings to factory default)
The attacker can take the device control, so it's make this devices very vulnerables.
4.2.Cross Site Scripting (XSS) CVE-2013-3962, Cross Site Scripting non-persistent.
http://xx.xx.xx.xx/alert(123)
4.3.Cross Site Request Forgery (CSRF) CVE-2013-3963, CSRF via GET method. These cameras use a web interface which is prone to CSRF vulnerabilities. A malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. You should introduce the following URL to replicate the attack.
http://xx.xx.xx.xx/goform/usermanage?cmd=add&user.name=test3&user.password=test3&user.level=0
5.Credits -CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\xe1s Ropero Castillo.
6.Report Timeline -2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. -2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. -2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0247",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.16"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.3.9"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.42"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.27"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.7"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.38"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.6"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.39"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.2.3"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.6,
"vendor": "grandstream",
"version": "1.0.4.11"
},
{
"model": "gxv3500",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615wp hd",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3662hd",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3651fhd",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615w/p",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611hd/ll",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601hd/ll",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3504",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3501",
"scope": null,
"trust": 1.4,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv device",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.43"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.37"
},
{
"model": "gxv device",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.4.34"
},
{
"model": "gxv3651fhd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3501",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611hd\\/ll",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615wp hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3615w\\/p",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3662hd",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3500",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3504",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3601hd\\/ll",
"scope": "eq",
"trust": 1.0,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv",
"scope": "lt",
"trust": 0.8,
"vendor": "grandstream",
"version": "1.0.4.44"
},
{
"model": "gxv device",
"scope": "lte",
"trust": 0.6,
"vendor": "grandstream",
"version": "\u003c=1.0.4.43"
},
{
"model": "gxv3501 gxv3504 ip video encoders",
"scope": "eq",
"trust": 0.6,
"vendor": "grandstream",
"version": "/"
},
{
"model": "gxv3500 ip video encoder/decoder",
"scope": null,
"trust": 0.6,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv series ip cameras",
"scope": null,
"trust": 0.6,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3662hd",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3651fhd",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3615wp hd",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3615w/p",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3611hd/ll",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3601hd/ll",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3601",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3504",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3501",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
},
{
"model": "gxv3500",
"scope": "eq",
"trust": 0.3,
"vendor": "grandstream",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "BID",
"id": "60531"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:grandstream:gxv_device_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3501",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3504",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3601",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3601hd%2fll",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3611hd%2fll",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3615w%2fp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3615wp_hd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3651fhd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:grandstream:gxv3662hd",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jons Ropero Castillo.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
}
],
"trust": 0.6
},
"cve": "CVE-2013-3962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-3962",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13693",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-08565",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-63964",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3962",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3962",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-13693",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-257",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63964",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULHUB",
"id": "VHN-63964"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Unknown cross-site scripting vulnerabilities existed in multiple IP Cameras from Grandstream. Grandstream is an IP phone, network video surveillance solution vendor. The telnet service in multiple Grandstream products uses a built-in account that allows remote attackers to use this account to gain unauthorized access to factory reset or upgrade firmware. The affected products are as follows: GXV3500GXV3501GXV3504GXV3601GXV3601HD/LLGXV3611HD/LLGXV3615W/PGXV3615WP_HDGXV3651FHDGXV3662HD. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Grandstream GXV3501 and others are network camera products of American Grandstream Networks (Grandstream) company. ===============================================================================\nGRANDSTREAM\n====================================================================\n===============================================================================\n\n1.Advisory Information\nTitle: Grandstream Series Vulnerabilities\nDate Published: 12/06/2013\nDate of last updated: 12/06/2013\n\n2.Vulnerability Description\nThe following vulnerability has been found in these devices:\n-CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)\n-CVE-2013-3962. Cross Site Scripting(CWE-79)\n-CVE-2013-3963. \n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963. \nIt\\x92s possible others models are affected but they were not checked. \n\n4.PoC\n4.1.Backdoor in Telnet Protocol\nCVE-2013-3542, Backdoor in Telnet Protocol\nYou should connect via telnet protocol to any camera affected (it\u0027s open by default). \nAfter all you should be introduce the magic string \\x93 !#/ \\x94 as Username and as Password. \nYou will get the admin panel setting menu. If you type \"help\", the following commands are shown:\n=======================================================\nhelp, quit, status, restart, restore, upgrade, tty_test\n=======================================================\n @@@ restore (Reset settings to factory default)\n\nThe attacker can take the device control, so it\u0027s make this devices very vulnerables. \n\n4.2.Cross Site Scripting (XSS)\nCVE-2013-3962, Cross Site Scripting non-persistent. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e\n_____________________________________________________________________________\n\n4.3.Cross Site Request Forgery (CSRF)\nCVE-2013-3963, CSRF via GET method. \nThese cameras use a web interface which is prone to CSRF vulnerabilities. \nA malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters. \nYou should introduce the following URL to replicate the attack. \n_____________________________________________________________________________\nhttp://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0\n_____________________________________________________________________________\n\n5.Credits\n-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jon\\xe1s Ropero Castillo. \n\n6.Report Timeline\n-2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542. \n-2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability. \n-2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3962"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "BID",
"id": "60531"
},
{
"db": "VULHUB",
"id": "VHN-63964"
},
{
"db": "PACKETSTORM",
"id": "122004"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3962",
"trust": 3.5
},
{
"db": "BID",
"id": "60531",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "122004",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201306-257",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13693",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "53763",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-08565",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20130612 SECURITY ANALYSIS OF IP VIDEO SURVEILLANCE CAMERAS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63964",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULHUB",
"id": "VHN-63964"
},
{
"db": "BID",
"id": "60531"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"id": "VAR-201310-0247",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULHUB",
"id": "VHN-63964"
}
],
"trust": 1.9419642857142856
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
}
]
},
"last_update_date": "2024-11-23T20:19:43.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware Release Notes",
"trust": 0.8,
"url": "http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63964"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://seclists.org/fulldisclosure/2013/jun/84"
},
{
"trust": 2.3,
"url": "http://www.grandstream.com/firmware/betatest/gxv35xx_gxv36xx_h/release_note_gxv35xx_gxv36xx_h1.0.4.44.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3962"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3962"
},
{
"trust": 0.6,
"url": "http://www.secunia.com/advisories/53763/"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/122004/grandstream-backdoor-cross-site-request-forgery-cross-site-scripting.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60531"
},
{
"trust": 0.3,
"url": "http://www.grandstream.com/index.php/products/ip-video-surveillance"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3542"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/\u003cscript\u003ealert(123)\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://xx.xx.xx.xx/goform/usermanage?cmd=add\u0026user.name=test3\u0026user.password=test3\u0026user.level=0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3962"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULHUB",
"id": "VHN-63964"
},
{
"db": "BID",
"id": "60531"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"db": "VULHUB",
"id": "VHN-63964"
},
{
"db": "BID",
"id": "60531"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"db": "PACKETSTORM",
"id": "122004"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"date": "2013-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2013-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-63964"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60531"
},
{
"date": "2013-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"date": "2013-06-13T06:12:41",
"db": "PACKETSTORM",
"id": "122004"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"date": "2013-10-01T19:55:09.427000",
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13693"
},
{
"date": "2013-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08565"
},
{
"date": "2013-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-63964"
},
{
"date": "2013-06-12T00:00:00",
"db": "BID",
"id": "60531"
},
{
"date": "2013-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004458"
},
{
"date": "2013-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-257"
},
{
"date": "2024-11-21T01:54:37.900000",
"db": "NVD",
"id": "CVE-2013-3962"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Grandstream Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004458"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-257"
}
],
"trust": 0.6
}
}