CVE-2013-3542
Grandstream Backdoor / Cross Site Request Forgery / Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, y posiblemente otros modelos de cámara con versión de firmware 1.0.4.11, poseen una cuenta embebida "!#/" con la misma contraseña, lo que facilita a atacantes remotos obtener acceso por medio de una sesión TELNET.
Grandstream Series IP cameras suffer from backdoor, cross site request forgery, and cross site scripting vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-05-14 CVE Reserved
- 2013-06-13 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2013/Jun/84 | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.youtube.com/watch?v=XkCBs4lenhI | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Grandstream Search vendor "Grandstream" | Gxv3501 Firmware Search vendor "Grandstream" for product "Gxv3501 Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3501 Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3501 Search vendor "Grandstream" for product "Gxv3501" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3504 Firmware Search vendor "Grandstream" for product "Gxv3504 Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3504 Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3504 Search vendor "Grandstream" for product "Gxv3504" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3601 Firmware Search vendor "Grandstream" for product "Gxv3601 Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3601 Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3601 Search vendor "Grandstream" for product "Gxv3601" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3601hd Firmware Search vendor "Grandstream" for product "Gxv3601hd Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3601hd Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3601hd Search vendor "Grandstream" for product "Gxv3601hd" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3601ll Firmware Search vendor "Grandstream" for product "Gxv3601ll Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3601ll Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3601ll Search vendor "Grandstream" for product "Gxv3601ll" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3611hd Firmware Search vendor "Grandstream" for product "Gxv3611hd Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3611hd Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3611hd Search vendor "Grandstream" for product "Gxv3611hd" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3611ll Firmware Search vendor "Grandstream" for product "Gxv3611ll Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3611ll Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3611ll Search vendor "Grandstream" for product "Gxv3611ll" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3615w Firmware Search vendor "Grandstream" for product "Gxv3615w Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3615w Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3615w Search vendor "Grandstream" for product "Gxv3615w" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3615p Firmware Search vendor "Grandstream" for product "Gxv3615p Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3615p Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3615p Search vendor "Grandstream" for product "Gxv3615p" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3651fhd Firmware Search vendor "Grandstream" for product "Gxv3651fhd Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3651fhd Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3651fhd Search vendor "Grandstream" for product "Gxv3651fhd" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3662hd Firmware Search vendor "Grandstream" for product "Gxv3662hd Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3662hd Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3662hd Search vendor "Grandstream" for product "Gxv3662hd" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3615wp Hd Firmware Search vendor "Grandstream" for product "Gxv3615wp Hd Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3615wp Hd Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3615wp Hd Search vendor "Grandstream" for product "Gxv3615wp Hd" | - | - |
Safe
|
Grandstream Search vendor "Grandstream" | Gxv3500 Firmware Search vendor "Grandstream" for product "Gxv3500 Firmware" | 1.0.4.11 Search vendor "Grandstream" for product "Gxv3500 Firmware" and version "1.0.4.11" | - |
Affected
| in | Grandstream Search vendor "Grandstream" | Gxv3500 Search vendor "Grandstream" for product "Gxv3500" | - | - |
Safe
|