Pizza1337

**Name of the Vulnerable Software and Affected Versions** Grandstream GXV3611 HD camera versions prior to 1.0.3.9 beta **Description** The issue allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted `username`. This can be done by sending a request to the TELNET endpoint with a specially crafted `username` variable. **Recommendations** For Grandstream GXV3611 HD camera versions prior to 1.0.3.9 beta, update to version 1.0.3.9 beta or later to resolve the issue. As a temporary workaround, consider restricting TELNET access to minimize the risk of exploitation. Avoid using crafted usernames in TELNET sessions until the issue is resolved.