var-201912-1585
Vulnerability from variot
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session. The firmware of multiple Grandstream products contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream is a vendor of IP phones and network video surveillance solutions. The affected products are as follows: GXV3500, GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3615WP_HD, GXV3651FHD, GXV3662HD. Multiple Grandstream IP cameras, including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500, are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions.
===============================================================================
GRANDSTREAM
===============================================================================
1.Advisory Information
Title: Grandstream Series Vulnerabilities
Date Published: 12/06/2013
Date of last updated: 12/06/2013
2.Vulnerability Description
The following vulnerabilities have been found in these devices:
-CVE-2013-3542. Backdoor in Telnet Protocol(CAPEC-443)
-CVE-2013-3962. Cross Site Scripting(CWE-79)
-CVE-2013-3963.
-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963.
It's possible other models are affected, but they were not checked.
4.PoC
4.1.Backdoor in Telnet Protocol
CVE-2013-3542, Backdoor in Telnet Protocol
Connect via the telnet protocol to any affected camera (it's open by default). Then enter the magic string "!#/" as both Username and Password. You will get the admin panel settings menu. If you type "help", the following commands are shown:
=======================================================
help, quit, status, restart, restore, upgrade, tty_test
=======================================================
 @@@ restore (Reset settings to factory default)
The attacker can take control of the device, which makes these devices very vulnerable.
4.2.Cross Site Scripting (XSS)
CVE-2013-3962, non-persistent Cross Site Scripting.
http://xx.xx.xx.xx/<script>alert(123)</script>
4.3.Cross Site Request Forgery (CSRF)
CVE-2013-3963, CSRF via GET method. A malicious user can try targeted attacks by sending a special CSRF vector. This allows web interface parameters to be manipulated. Use the following URL to replicate the attack.
http://xx.xx.xx.xx/goform/usermanage?cmd=add&user.name=test3&user.password=test3&user.level=0
5.Credits
-CVE-2013-3542, CVE-2013-3962 and CVE-2013-3963 were discovered by Jonás Ropero Castillo.
6.Report Timeline
-2013-05-31: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3542.
-2013-05-31: Grandstream team reports to the technical support to analyze the vulnerability.
-2013-06-11: Students opens a ticket in order to notify the Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-05
http://security.gentoo.org/
Severity: High
Title: Wireshark: Multiple vulnerabilities
Date: August 28, 2013
Bugs: #398549, #427964, #431572, #433990, #470262, #472762, #478694
ID: 201308-05
Synopsis
Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service.
Background
Wireshark is a versatile network protocol analyzer.
Affected packages
     -------------------------------------------------------------------
      Package                 /   Vulnerable   /            Unaffected
     -------------------------------------------------------------------
  1  net-analyzer/wireshark       < 1.10.1                  >= 1.10.1
                                                            *>= 1.8.9
Description
Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Wireshark 1.10 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.10.1"
All Wireshark 1.8 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.8.9"
References
[ 1 ] CVE-2012-0041 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0041
[ 2 ] CVE-2012-0042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0042
[ 3 ] CVE-2012-0043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0043
[ 4 ] CVE-2012-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0066
[ 5 ] CVE-2012-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0067
[ 6 ] CVE-2012-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0068
[ 7 ] CVE-2012-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3548
[ 8 ] CVE-2012-4048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4048
[ 9 ] CVE-2012-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4049
[ 10 ] CVE-2012-4285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285
[ 11 ] CVE-2012-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286
[ 12 ] CVE-2012-4287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287
[ 13 ] CVE-2012-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288
[ 14 ] CVE-2012-4289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289
[ 15 ] CVE-2012-4290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290
[ 16 ] CVE-2012-4291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291
[ 17 ] CVE-2012-4292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292
[ 18 ] CVE-2012-4293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293
[ 19 ] CVE-2012-4294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294
[ 20 ] CVE-2012-4295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295
[ 21 ] CVE-2012-4296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296
[ 22 ] CVE-2012-4297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297
[ 23 ] CVE-2012-4298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298
[ 24 ] CVE-2013-3540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3540
[ 25 ] CVE-2013-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3541
[ 26 ] CVE-2013-3542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3542
[ 27 ] CVE-2013-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3555
[ 28 ] CVE-2013-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3556
[ 29 ] CVE-2013-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3557
[ 30 ] CVE-2013-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3558
[ 31 ] CVE-2013-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3559
[ 32 ] CVE-2013-4074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4074
[ 33 ] CVE-2013-4075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4075
[ 34 ] CVE-2013-4076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4076
[ 35 ] CVE-2013-4077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4077
[ 36 ] CVE-2013-4078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4078
[ 37 ] CVE-2013-4079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4079
[ 38 ] CVE-2013-4080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4080
[ 39 ] CVE-2013-4081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4081
[ 40 ] CVE-2013-4082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4082
[ 41 ] CVE-2013-4083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4083
[ 42 ] CVE-2013-4920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4920
[ 43 ] CVE-2013-4921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4921
[ 44 ] CVE-2013-4922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4922
[ 45 ] CVE-2013-4923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4923
[ 46 ] CVE-2013-4924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4924
[ 47 ] CVE-2013-4925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4925
[ 48 ] CVE-2013-4926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4926
[ 49 ] CVE-2013-4927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4927
[ 50 ] CVE-2013-4928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4928
[ 51 ] CVE-2013-4929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4929
[ 52 ] CVE-2013-4930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4930
[ 53 ] CVE-2013-4931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4931
[ 54 ] CVE-2013-4932 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4932
[ 55 ] CVE-2013-4933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4933
[ 56 ] CVE-2013-4934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4934
[ 57 ] CVE-2013-4935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4935
[ 58 ] CVE-2013-4936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4936
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4295" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4294" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4048" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4295" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4286" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4077" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4291" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4929" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4921" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4049" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201308-05.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4289" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4290" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3542" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0041" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4294" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4925" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4934" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4290" }, 
{ "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4075" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4296" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0067" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4298" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0066" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4297" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4079" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
} ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-08565" }, { "db": "VULMON", "id": "CVE-2013-3542" }, { "db": "JVNDB", "id": "JVNDB-2013-007004" }, { "db": "PACKETSTORM", "id": "122004" }, { "db": "PACKETSTORM", "id": "122983" }, { "db": "CNNVD", "id": "CNNVD-201306-261" }, { "db": "NVD", "id": "CVE-2013-3542" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2013-08565" }, { "db": "VULMON", "id": "CVE-2013-3542" }, { "db": "BID", "id": "60535" }, { "db": "JVNDB", "id": "JVNDB-2013-007004" }, { "db": "PACKETSTORM", "id": "122004" }, { "db": "PACKETSTORM", "id": "122983" }, { "db": "CNNVD", "id": "CNNVD-201306-261" }, { "db": "NVD", "id": "CVE-2013-3542" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-02T00:00:00", "db": "CNVD", "id": "CNVD-2013-08565" }, { "date": "2019-12-11T00:00:00", "db": "VULMON", "id": "CVE-2013-3542" }, { "date": "2013-06-12T00:00:00", "db": "BID", "id": "60535" }, { "date": "2019-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-007004" }, { "date": "2013-06-13T06:12:41", "db": "PACKETSTORM", "id": "122004" }, { "date": "2013-08-29T02:49:21", "db": "PACKETSTORM", "id": "122983" }, { "date": "2013-06-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201306-261" }, { "date": "2019-12-11T19:15:11.407000", "db": "NVD", "id": "CVE-2013-3542" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-03T00:00:00", "db": "CNVD", "id": "CNVD-2013-08565" }, { "date": "2019-12-19T00:00:00", "db": "VULMON", "id": "CVE-2013-3542" }, { "date": "2013-08-30T00:13:00", "db": "BID", "id": "60535" }, { "date": "2019-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-007004" }, { "date": "2019-12-26T00:00:00", "db": 
"CNNVD", "id": "CNNVD-201306-261" }, { "date": "2024-11-21T01:53:51.560000", "db": "NVD", "id": "CVE-2013-3542" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "122983" }, { "db": "CNNVD", "id": "CNNVD-201306-261" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Grandstream Vulnerabilities related to the use of hard-coded credentials in product firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-007004" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201306-261" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.