Vulnerability Description
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Gxv Device Firmware | <= 1.0.4.43 |
| Grandstream | Gxv3500 | - |
| Grandstream | Gxv3501 | - |
| Grandstream | Gxv3504 | - |
| Grandstream | Gxv3601 | - |
| Grandstream | Gxv3601Hd\/Ll | - |
| Grandstream | Gxv3611Hd\/Ll | - |
| Grandstream | Gxv3615W\/P | - |
| Grandstream | Gxv3615Wp Hd | - |
| Grandstream | Gxv3651Fhd | - |
| Grandstream | Gxv3662Hd | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2013/Jun/84
- http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV3
- http://seclists.org/fulldisclosure/2013/Jun/84
- http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV36xx_H/Release_Note_GXV3
FAQ
What is CVE-2013-3962?
CVE-2013-3962 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera model...
How severe is CVE-2013-3962?
CVE-2013-3962 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3962?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Gxv Device Firmware, Grandstream Gxv3500, Grandstream Gxv3501, Grandstream Gxv3504, Grandstream Gxv3601.