Vulnerability Details CVE-2013-3962
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://seclists.org/fulldisclosure/2013/Jun/84
- http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf
- http://seclists.org/fulldisclosure/2013/Jun/84
- http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV35xx_GXV36xx_H1.0.4.44.pdf
Products affected by CVE-2013-3962
-
cpe:2.3:h:grandstream:gxv3500:-
-
cpe:2.3:h:grandstream:gxv3501:-
-
cpe:2.3:h:grandstream:gxv3504:-
-
cpe:2.3:h:grandstream:gxv3601:-
-
cpe:2.3:h:grandstream:gxv3601hd/ll:-
-
cpe:2.3:h:grandstream:gxv3611hd/ll:-
-
cpe:2.3:h:grandstream:gxv3615w/p:-
-
cpe:2.3:h:grandstream:gxv3615wp_hd:-
-
cpe:2.3:h:grandstream:gxv3651fhd:-
-
cpe:2.3:h:grandstream:gxv3662hd:-
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.43
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7