PT-2013-4762 · Grandstream · Gxv3651Fhd+9

Jonás Ropero Castillo · Published 2013-10-01 · Updated 2013-10-02 · CVE-2013-3962

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Grandstream GXV3501 versions prior to 1.0.4.44
Grandstream GXV3504 versions prior to 1.0.4.44
Grandstream GXV3601 versions prior to 1.0.4.44
Grandstream GXV3601HD/LL versions prior to 1.0.4.44
Grandstream GXV3611HD/LL versions prior to 1.0.4.44
Grandstream GXV3615W/P versions prior to 1.0.4.44
Grandstream GXV3651FHD versions prior to 1.0.4.44
Grandstream GXV3662HD versions prior to 1.0.4.44
Grandstream GXV3615WP HD versions prior to 1.0.4.44
Grandstream GXV3500 versions prior to 1.0.4.44

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO. This could potentially lead to unauthorized access or control of the affected devices.

Recommendations

For each of the following products, update to firmware version 1.0.4.44 or later:

Grandstream GXV3501
Grandstream GXV3504
Grandstream GXV3601
Grandstream GXV3601HD/LL
Grandstream GXV3611HD/LL
Grandstream GXV3615W/P
Grandstream GXV3651FHD
Grandstream GXV3662HD
Grandstream GXV3615WP HD
Grandstream GXV3500

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2013-3962

Affected products

Gxv3500
Gxv3501
Gxv3504
Gxv3601
Gxv3601Hd/Ll
Gxv3611Hd/Ll
Gxv3615W/P
Gxv3615Wp Hd
Gxv3651Fhd
Gxv3662Hd