Vulnerability Details CVE-2013-3963
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2013-3963
-
cpe:2.3:h:grandstream:gxv3500:-
-
cpe:2.3:h:grandstream:gxv3501:-
-
cpe:2.3:h:grandstream:gxv3504:-
-
cpe:2.3:h:grandstream:gxv3601:-
-
cpe:2.3:h:grandstream:gxv3601hd/ll:-
-
cpe:2.3:h:grandstream:gxv3611hd/ll:-
-
cpe:2.3:h:grandstream:gxv3615w/p:-
-
cpe:2.3:h:grandstream:gxv3615wp_hd:-
-
cpe:2.3:h:grandstream:gxv3651fhd:-
-
cpe:2.3:h:grandstream:gxv3662hd:-
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.43
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6
-
cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7