Lucene search

[email protected]CVE-2013-3962

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3962

2022-10-0316:14:44

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-3962

information security

xss

grandstream

camera

firmware

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.0%

JSON

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected configurations

NVD

Node

grandstreamgxv_device_firmwareRange≤1.0.4.43

grandstreamgxv_device_firmwareMatch1.0.2.3

grandstreamgxv_device_firmwareMatch1.0.3.9

grandstreamgxv_device_firmwareMatch1.0.4.6

grandstreamgxv_device_firmwareMatch1.0.4.7

grandstreamgxv_device_firmwareMatch1.0.4.11

grandstreamgxv_device_firmwareMatch1.0.4.16

grandstreamgxv_device_firmwareMatch1.0.4.27

grandstreamgxv_device_firmwareMatch1.0.4.34

grandstreamgxv_device_firmwareMatch1.0.4.37

grandstreamgxv_device_firmwareMatch1.0.4.38

grandstreamgxv_device_firmwareMatch1.0.4.39

grandstreamgxv_device_firmwareMatch1.0.4.42

AND

grandstreamgxv3500Match-

grandstreamgxv3501Match-

grandstreamgxv3504Match-

grandstreamgxv3601Match-

grandstreamgxv3601hd\/llMatch-

grandstreamgxv3611hd\/llMatch-

grandstreamgxv3615w\/pMatch-

grandstreamgxv3615wp_hdMatch-

grandstreamgxv3651fhdMatch-

grandstreamgxv3662hdMatch-

CPENameOperatorVersion
grandstream:gxv_device_firmwaregrandstream gxv device firmwarele1.0.4.43
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.2.3
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.3.9
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.6
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.7
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.11
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.16
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.27
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.34
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.37

CPE	Name	Operator	Version
grandstream:gxv_device_firmware	grandstream gxv device firmware	le	1.0.4.43
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.2.3
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.3.9
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.6
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.7
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.11
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.16
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.27
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.34
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.37