Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Gxv Device Firmware | <= 1.0.4.43 |
| Grandstream | Gxv3500 | - |
| Grandstream | Gxv3501 | - |
| Grandstream | Gxv3504 | - |
| Grandstream | Gxv3601 | - |
| Grandstream | Gxv3601Hd\/Ll | - |
| Grandstream | Gxv3611Hd\/Ll | - |
| Grandstream | Gxv3615W\/P | - |
| Grandstream | Gxv3615Wp Hd | - |
| Grandstream | Gxv3651Fhd | - |
| Grandstream | Gxv3662Hd | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2013-3963?
CVE-2013-3963 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and...
How severe is CVE-2013-3963?
CVE-2013-3963 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3963?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Gxv Device Firmware, Grandstream Gxv3500, Grandstream Gxv3501, Grandstream Gxv3504, Grandstream Gxv3601.