
CVE-2013-3963

Published: 01/10/2013 Updated: 02/10/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote malicious users to hijack the authentication of unspecified victims for requests that add users.

Vulnerable Product

grandstream gxv device firmware

grandstream gxv device firmware 1.0.2.3

grandstream gxv device firmware 1.0.3.9

grandstream gxv device firmware 1.0.4.6

grandstream gxv device firmware 1.0.4.7

grandstream gxv device firmware 1.0.4.11

grandstream gxv device firmware 1.0.4.16

grandstream gxv device firmware 1.0.4.27

grandstream gxv device firmware 1.0.4.34

grandstream gxv device firmware 1.0.4.37

grandstream gxv device firmware 1.0.4.38

grandstream gxv device firmware 1.0.4.39

grandstream gxv device firmware 1.0.4.42

grandstream gxv3500 -

grandstream gxv3501 -

grandstream gxv3504 -

grandstream gxv3601 -

grandstream gxv3601hd/ll -

grandstream gxv3611hd/ll -

grandstream gxv3615w/p -

grandstream gxv3615wp hd -

grandstream gxv3651fhd -

grandstream gxv3662hd -

Exploits

source: www.securityfocus.com/bid/60532/info. Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized ...
Grandstream Series IP cameras suffer from backdoor, cross site request forgery, and cross site scripting vulnerabilities ...