Cross-site Scripting Vulnerability in Grandstream Video Cameras
CVE-2013-3962

Currently unrated

Key Information:

Vendor: Grandstream
Status: Gxv Device Firmware; Gxv3500; Gxv3501; Gxv3504
Vendor: CVE Published:; 1 October 2013

🔔 Create Grandstream Vulnerability Alert

What is CVE-2013-3962?

The vulnerability in Grandstream's video surveillance cameras allows remote attackers to exploit insecure web forms by injecting arbitrary web scripts or HTML through the PATH_INFO variable, compromising the integrity of the devices and potentially the networks they operate within. This issue affects multiple camera models prior to firmware version 1.0.4.44 and highlights the need for robust web application security measures to prevent unauthorized access to sensitive functionalities.

References

http://seclists.org/fulldisclosure/2013/Jun/84

mailing-listx_refsource_FULLDISC

http://www.grandstream.com/firmware/BETATEST/GXV35xx_GXV3...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 1, 2013