Lucene search

[email protected]CVE-2013-3963

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3963

2022-10-0316:14:46

CWE-352

[email protected]

web.nvd.nist.gov

cve-2013-3963

csrf

vulnerability

goform/usermanage

grandstream

gxv3501

gxv3504

gxv3601

gxv3601hd/ll

gxv3611hd/ll

gxv3615w/p

gxv3651fhd

gxv3662hd

gxv3615wp_hd

gxv3500

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.6%

JSON

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.

Affected configurations

NVD

Node

grandstreamgxv_device_firmwareRange≤1.0.4.43

grandstreamgxv_device_firmwareMatch1.0.2.3

grandstreamgxv_device_firmwareMatch1.0.3.9

grandstreamgxv_device_firmwareMatch1.0.4.6

grandstreamgxv_device_firmwareMatch1.0.4.7

grandstreamgxv_device_firmwareMatch1.0.4.11

grandstreamgxv_device_firmwareMatch1.0.4.16

grandstreamgxv_device_firmwareMatch1.0.4.27

grandstreamgxv_device_firmwareMatch1.0.4.34

grandstreamgxv_device_firmwareMatch1.0.4.37

grandstreamgxv_device_firmwareMatch1.0.4.38

grandstreamgxv_device_firmwareMatch1.0.4.39

grandstreamgxv_device_firmwareMatch1.0.4.42

AND

grandstreamgxv3500Match-

grandstreamgxv3501Match-

grandstreamgxv3504Match-

grandstreamgxv3601Match-

grandstreamgxv3601hd\/llMatch-

grandstreamgxv3611hd\/llMatch-

grandstreamgxv3615w\/pMatch-

grandstreamgxv3615wp_hdMatch-

grandstreamgxv3651fhdMatch-

grandstreamgxv3662hdMatch-

CPENameOperatorVersion
grandstream:gxv_device_firmwaregrandstream gxv device firmwarele1.0.4.43
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.2.3
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.3.9
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.6
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.7
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.11
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.16
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.27
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.34
grandstream:gxv_device_firmwaregrandstream gxv device firmwareeq1.0.4.37

CPE	Name	Operator	Version
grandstream:gxv_device_firmware	grandstream gxv device firmware	le	1.0.4.43
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.2.3
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.3.9
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.6
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.7
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.11
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.16
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.27
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.34
grandstream:gxv_device_firmware	grandstream gxv device firmware	eq	1.0.4.37