Details of VAR-E-201306-0196

ID

VAR-E-201306-0196

CVE

cve_id:	CVE-2013-3963	Trust: 2.4
cve_id:	CVE-2013-3542	Trust: 0.5
cve_id:	CVE-2013-3962	Trust: 0.5

sources: BID: 60532 // PACKETSTORM: 122004 // EXPLOIT-DB: 38584 // EDBNET: 59662

EDB ID

38584

TITLE

Grandstream Multiple IP Cameras - Cross-Site Request Forgery - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 38584

DESCRIPTION

Grandstream Multiple IP Cameras - Cross-Site Request Forgery. CVE-2013-3963CVE-94222 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 38584

AFFECTED PRODUCTS

vendor:	grandstream	model:	multiple ip cameras	scope:	-	version:	-	Trust: 1.0
vendor:	grandstream	model:	backdoor	scope:	-	version:	-	Trust: 0.5
vendor:	grandstream	model:	gxv3662hd	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3651fhd	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3615wp hd	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3615w/p	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3611hd/ll	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3601hd/ll	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3601	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3504	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3501	scope:	eq	version:	0	Trust: 0.3
vendor:	grandstream	model:	gxv3500	scope:	eq	version:	0	Trust: 0.3

sources: BID: 60532 // PACKETSTORM: 122004 // EXPLOIT-DB: 38584

EXPLOIT

source: https://www.securityfocus.com/bid/60532/info

Grandstream multiple IP cameras including GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, and GXV3500 are prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.

http://www.example.com/goform/usermanage?cmd=add&user.name=test3&user.password=test3&user.level=0

Trust: 1.0

sources: EXPLOIT-DB: 38584

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 38584

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 38584

TYPE

Cross-Site Request Forgery

Trust: 1.0

sources: EXPLOIT-DB: 38584

CREDITS

Castillo

Trust: 0.6

sources: EXPLOIT-DB: 38584

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3963	Trust: 2.4
db:	BID	id:	60532	Trust: 1.9
db:	EXPLOIT-DB	id:	38584	Trust: 1.6
db:	EDBNET	id:	59662	Trust: 0.6
db:	NVD	id:	CVE-2013-3962	Trust: 0.5
db:	NVD	id:	CVE-2013-3542	Trust: 0.5
db:	PACKETSTORM	id:	122004	Trust: 0.5

sources: BID: 60532 // PACKETSTORM: 122004 // EXPLOIT-DB: 38584 // EDBNET: 59662

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2013-3963	Trust: 2.1
url:	https://www.securityfocus.com/bid/60532/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/38584/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3542	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3962	Trust: 0.5
url:	http://seclists.org/fulldisclosure/2013/jun/84	Trust: 0.3
url:	http://www.grandstream.com/index.php/products/ip-video-surveillance	Trust: 0.3

sources: BID: 60532 // PACKETSTORM: 122004 // EXPLOIT-DB: 38584 // EDBNET: 59662

SOURCES

db:	BID	id:	60532
db:	PACKETSTORM	id:	122004
db:	EXPLOIT-DB	id:	38584
db:	EDBNET	id:	59662

LAST UPDATE DATE

2022-07-27T09:18:55.221000+00:00

SOURCES UPDATE DATE

db:

BID

id:

60532

date:

2013-06-12T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	60532	date:	2013-06-12T00:00:00
db:	PACKETSTORM	id:	122004	date:	2013-06-13T06:12:41
db:	EXPLOIT-DB	id:	38584	date:	2013-06-12T00:00:00
db:	EDBNET	id:	59662	date:	2013-06-12T00:00:00

tag:	exploit	Trust: 0.5
tag:	vulnerability	Trust: 0.5
tag:	xss	Trust: 0.5
tag:	csrf	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE