Lucene search

[email protected]CVE-2013-3962

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3962

2022-10-0316:14:44

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-3962

information security

xss

grandstream

camera

firmware

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

46.0%

JSON

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected configurations

NVD

Node

grandstreamgxv_device_firmwareRange≤1.0.4.43

grandstreamgxv_device_firmwareMatch1.0.2.3

grandstreamgxv_device_firmwareMatch1.0.3.9

grandstreamgxv_device_firmwareMatch1.0.4.6

grandstreamgxv_device_firmwareMatch1.0.4.7

grandstreamgxv_device_firmwareMatch1.0.4.11

grandstreamgxv_device_firmwareMatch1.0.4.16

grandstreamgxv_device_firmwareMatch1.0.4.27

grandstreamgxv_device_firmwareMatch1.0.4.34

grandstreamgxv_device_firmwareMatch1.0.4.37

grandstreamgxv_device_firmwareMatch1.0.4.38

grandstreamgxv_device_firmwareMatch1.0.4.39

grandstreamgxv_device_firmwareMatch1.0.4.42

AND

grandstreamgxv3500Match-

grandstreamgxv3501Match-

grandstreamgxv3504Match-

grandstreamgxv3601Match-

grandstreamgxv3601hd\/llMatch-

grandstreamgxv3611hd\/llMatch-

grandstreamgxv3615w\/pMatch-

grandstreamgxv3615wp_hdMatch-

grandstreamgxv3651fhdMatch-

grandstreamgxv3662hdMatch-

VendorProductVersionCPE
grandstreamgxv3504-cpe:/h:grandstream:gxv3504:-:::
grandstreamgxv_device_firmware1.0.4.16cpe:/o:grandstream:gxv_device_firmware:1.0.4.16:::
grandstreamgxv_device_firmware1.0.4.38cpe:/o:grandstream:gxv_device_firmware:1.0.4.38:::
grandstreamgxv_device_firmware1.0.4.27cpe:/o:grandstream:gxv_device_firmware:1.0.4.27:::
grandstreamgxv3601hd/ll-cpe:/h:grandstream:gxv3601hd/ll:-:::
grandstreamgxv_device_firmware1.0.4.7cpe:/o:grandstream:gxv_device_firmware:1.0.4.7:::
grandstreamgxv_device_firmware1.0.4.39cpe:/o:grandstream:gxv_device_firmware:1.0.4.39:::
grandstreamgxv_device_firmware1.0.2.3cpe:/o:grandstream:gxv_device_firmware:1.0.2.3:::
grandstreamgxv3615wp_hd-cpe:/h:grandstream:gxv3615wp_hd:-:::
grandstreamgxv_device_firmware1.0.4.42cpe:/o:grandstream:gxv_device_firmware:1.0.4.42:::

Vendor	Product	Version	CPE
grandstream	gxv3504	-	cpe:/h:grandstream:gxv3504:-:::
grandstream	gxv_device_firmware	1.0.4.16	cpe:/o:grandstream:gxv_device_firmware:1.0.4.16:::
grandstream	gxv_device_firmware	1.0.4.38	cpe:/o:grandstream:gxv_device_firmware:1.0.4.38:::
grandstream	gxv_device_firmware	1.0.4.27	cpe:/o:grandstream:gxv_device_firmware:1.0.4.27:::
grandstream	gxv3601hd/ll	-	cpe:/h:grandstream:gxv3601hd/ll:-:::
grandstream	gxv_device_firmware	1.0.4.7	cpe:/o:grandstream:gxv_device_firmware:1.0.4.7:::
grandstream	gxv_device_firmware	1.0.4.39	cpe:/o:grandstream:gxv_device_firmware:1.0.4.39:::
grandstream	gxv_device_firmware	1.0.2.3	cpe:/o:grandstream:gxv_device_firmware:1.0.2.3:::
grandstream	gxv3615wp_hd	-	cpe:/h:grandstream:gxv3615wp_hd:-:::
grandstream	gxv_device_firmware	1.0.4.42	cpe:/o:grandstream:gxv_device_firmware:1.0.4.42:::