CVE-2013-3542

Grandstream Backdoor / Cross Site Request Forgery / Cross Site Scripting

  • Severity Score: 10.0 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11 have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.

Grandstream Series IP cameras suffer from backdoor, cross site request forgery, and cross site scripting vulnerabilities.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-05-14 CVE Reserved
  • 2013-06-13 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-10-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-798: Use of Hard-coded Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor          Product                Version   Other  Status
Grandstream     Gxv3501 Firmware       1.0.4.11  -      Affected
in Grandstream  Gxv3501                -         -      Safe
Grandstream     Gxv3504 Firmware       1.0.4.11  -      Affected
in Grandstream  Gxv3504                -         -      Safe
Grandstream     Gxv3601 Firmware       1.0.4.11  -      Affected
in Grandstream  Gxv3601                -         -      Safe
Grandstream     Gxv3601hd Firmware     1.0.4.11  -      Affected
in Grandstream  Gxv3601hd              -         -      Safe
Grandstream     Gxv3601ll Firmware     1.0.4.11  -      Affected
in Grandstream  Gxv3601ll              -         -      Safe
Grandstream     Gxv3611hd Firmware     1.0.4.11  -      Affected
in Grandstream  Gxv3611hd              -         -      Safe
Grandstream     Gxv3611ll Firmware     1.0.4.11  -      Affected
in Grandstream  Gxv3611ll              -         -      Safe
Grandstream     Gxv3615w Firmware      1.0.4.11  -      Affected
in Grandstream  Gxv3615w               -         -      Safe
Grandstream     Gxv3615p Firmware      1.0.4.11  -      Affected
in Grandstream  Gxv3615p               -         -      Safe
Grandstream     Gxv3651fhd Firmware    1.0.4.11  -      Affected
in Grandstream  Gxv3651fhd             -         -      Safe
Grandstream     Gxv3662hd Firmware     1.0.4.11  -      Affected
in Grandstream  Gxv3662hd              -         -      Safe
Grandstream     Gxv3615wp Hd Firmware  1.0.4.11  -      Affected
in Grandstream  Gxv3615wp Hd           -         -      Safe
Grandstream     Gxv3500 Firmware       1.0.4.11  -      Affected
in Grandstream  Gxv3500                -         -      Safe