Root Account Password Vulnerability in Grandstream GXV3611IR_HD Devices
CVE-2019-10661

9.8CRITICAL

Key Information:

Vendor: Grandstream
Status: Gxv3611ir Hd Firmware
Vendor: CVE Published:; 30 March 2019

🔔 Create Grandstream Vulnerability Alert

What is CVE-2019-10661?

The Grandstream GXV3611IR_HD IP camera is affected by a security flaw where the root account is accessible without a password. This vulnerability could allow unauthorized users to gain complete access to the device, potentially leading to further exploitation of the network and connected systems. Devices running versions prior to 1.0.3.23 are at risk.

References

https://www.trustwave.com/en-us/resources/security-resour...

x_refsource_MISC

https://github.com/scarvell/grandstream_exploits

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2019
Vulnerability Reserved
Mar 30, 2019