PT-2013-4762 · Grandstream · Gxv3651Fhd+9

Jonás Ropero Castillo · Published 2013-10-01 · Updated 2013-10-02 · CVE-2013-3962

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Grandstream GXV3501 versions prior to 1.0.4.44
Grandstream GXV3504 versions prior to 1.0.4.44
Grandstream GXV3601 versions prior to 1.0.4.44
Grandstream GXV3601HD/LL versions prior to 1.0.4.44
Grandstream GXV3611HD/LL versions prior to 1.0.4.44
Grandstream GXV3615W/P versions prior to 1.0.4.44
Grandstream GXV3651FHD versions prior to 1.0.4.44
Grandstream GXV3662HD versions prior to 1.0.4.44
Grandstream GXV3615WP HD versions prior to 1.0.4.44
Grandstream GXV3500 versions prior to 1.0.4.44

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. This could potentially lead to unauthorized access or control of the affected devices.

Recommendations

For Grandstream GXV3501, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3504, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3601, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3601HD/LL, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3611HD/LL, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3615W/P, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3651FHD, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3662HD, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3615WP HD, update to firmware version 1.0.4.44 or later.
For Grandstream GXV3500, update to firmware version 1.0.4.44 or later.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2013-3962

Affected Products

Gxv3500
Gxv3501
Gxv3504
Gxv3601
Gxv3601Hd/Ll
Gxv3611Hd/Ll
Gxv3615W/P
Gxv3615Wp Hd
Gxv3651Fhd
Gxv3662Hd