CVE-2013-3963

Опубликовано: 01 окт. 2013

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:grandstream:gxv_device_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.4.43 (включая)

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3601hd\/ll:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3611hd\/ll:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3615w\/p:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00365

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-8288-mq64-5w63

github

больше 3 лет назад