PT-2015-5949 · Grandstream · Grandstream Gxv3611Hd/Ll

Pizza1337 · Published 2015-07-08 · Updated 2017-09-03 · CVE-2015-2866

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Grandstream GXV3611 HD camera versions prior to 1.0.3.9 beta

Description

The issue allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. This can be done by sending a request to the TELNET endpoint with a specially crafted username variable.

Recommendations

For Grandstream GXV3611 HD camera versions prior to 1.0.3.9 beta, update to version 1.0.3.9 beta or later to resolve the issue. As a temporary workaround, consider restricting TELNET access to minimize the risk of exploitation. Avoid using crafted usernames in TELNET sessions until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2015-2866

Affected Products

Grandstream Gxv3611Hd/Ll