CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
46.0%
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Vendor | Product | Version | CPE |
---|---|---|---|
grandstream | gxv3504 | - | cpe:/h:grandstream:gxv3504:-::: |
grandstream | gxv_device_firmware | 1.0.4.16 | cpe:/o:grandstream:gxv_device_firmware:1.0.4.16::: |
grandstream | gxv_device_firmware | 1.0.4.38 | cpe:/o:grandstream:gxv_device_firmware:1.0.4.38::: |
grandstream | gxv_device_firmware | 1.0.4.27 | cpe:/o:grandstream:gxv_device_firmware:1.0.4.27::: |
grandstream | gxv3601hd/ll | - | cpe:/h:grandstream:gxv3601hd/ll:-::: |
grandstream | gxv_device_firmware | 1.0.4.7 | cpe:/o:grandstream:gxv_device_firmware:1.0.4.7::: |
grandstream | gxv_device_firmware | 1.0.4.39 | cpe:/o:grandstream:gxv_device_firmware:1.0.4.39::: |
grandstream | gxv_device_firmware | 1.0.2.3 | cpe:/o:grandstream:gxv_device_firmware:1.0.2.3::: |
grandstream | gxv3615wp_hd | - | cpe:/h:grandstream:gxv3615wp_hd:-::: |
grandstream | gxv_device_firmware | 1.0.4.42 | cpe:/o:grandstream:gxv_device_firmware:1.0.4.42::: |