PT-2013-4763 · Grandstream · Grandstream Gxv3601+8

Jonás Ropero Castillo · Published 2013-10-01 · Updated 2013-10-02 · CVE-2013-3963

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Grandstream GXV3501 (affected versions not specified)
Grandstream GXV3504 (affected versions not specified)
Grandstream GXV3601 (affected versions not specified)
Grandstream GXV3601HD/LL (affected versions not specified)
Grandstream GXV3611HD/LL (affected versions not specified)
Grandstream GXV3615W/P (affected versions not specified)
Grandstream GXV3651FHD (affected versions not specified)
Grandstream GXV3662HD (affected versions not specified)
Grandstream GXV3615WP HD (affected versions not specified)
Grandstream GXV3500 (affected versions not specified)
Description

A cross-site request forgery (CSRF) vulnerability exists in the goform/usermanage endpoint of the Grandstream camera models listed above. Because the endpoint accepts state-changing requests without an anti-CSRF check, a remote attacker can cause an authenticated victim's browser to submit requests that add users to the device.
Recommendations

Grandstream GXV3501: consider disabling the goform/usermanage endpoint until a patch is available.
Grandstream GXV3504: restrict access to the goform/usermanage endpoint to minimize the risk of exploitation.
Grandstream GXV3601: avoid using the goform/usermanage endpoint until the issue is resolved.
Grandstream GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP HD and GXV3500: at the moment there is no information about a newer version that contains a fix for this issue.
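Until a fixed firmware is available, one practical detection for this issue is to review the camera's (or a fronting reverse proxy's) access logs for user-management requests whose Referer is absent or points off-device. The following Python is an added example, not part of the advisory or of Grandstream's software; the combined-format log lines, client addresses and the camera address 192.0.2.10 are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed combined-format access-log lines for a camera whose web UI lives
# at http://192.0.2.10. These are illustrative, not real device logs.
SAMPLE_LOG = """\
192.0.2.50 - admin [01/Oct/2013:10:00:01 +0000] "POST /goform/usermanage HTTP/1.1" 200 512 "http://192.0.2.10/usermanage.html" "Mozilla/5.0"
192.0.2.51 - admin [01/Oct/2013:10:05:22 +0000] "POST /goform/usermanage HTTP/1.1" 200 512 "http://evil.example/lure.html" "Mozilla/5.0"
192.0.2.52 - admin [01/Oct/2013:10:07:09 +0000] "GET /goform/usermanage?cmd=add HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.53 - - [01/Oct/2013:10:09:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" log format: client, ident, user, timestamp,
# request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def flag_csrf_candidates(log_text, own_hosts, endpoint="/goform/usermanage"):
    """Return (client_ip, reason) for each request to the user-management
    endpoint whose Referer is missing or whose host is not one of own_hosts.

    Legitimate submissions from the camera's own web UI carry a same-host
    Referer, so a missing or foreign Referer is the CSRF signal to triage.
    Both GET and POST are checked because a CSRF lure can use either.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != endpoint:
            continue
        ref = m["referer"]
        if ref == "-":
            hits.append((m["ip"], "no Referer on user-management request"))
            continue
        host = (urlsplit(ref).hostname or "").lower()
        if host not in own_hosts:
            hits.append((m["ip"], f"cross-site Referer {host}"))
    return hits


if __name__ == "__main__":
    for ip, reason in flag_csrf_candidates(SAMPLE_LOG, {"192.0.2.10"}):
        print(f"{ip}: {reason}")
```

Referer is only a triage heuristic (browsers and privacy extensions may strip it), so treat hits as leads to correlate with unexpected new accounts on the device, not as proof; the durable fix is a per-session anti-CSRF token or Origin check in the firmware.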


Weakness Enumeration

Related Identifiers

CVE-2013-3963

Affected Products

Grandstream GXV3500
Grandstream GXV3501
Grandstream GXV3504
Grandstream GXV3601
Grandstream GXV3601HD/LL
Grandstream GXV3611HD/LL
Grandstream GXV3615W/P
Grandstream GXV3651FHD
Grandstream GXV3662HD