VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 1, 2013· Updated Apr 29, 2026

CVE-2013-3962

CVE-2013-3962

Description

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected products

23
  • Grandstream/Gxv3500
    cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3501
    cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3504
    cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3601
    cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3601hd\/ll
    cpe:2.3:h:grandstream:gxv3601hd\/ll:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3611hd\/ll
    cpe:2.3:h:grandstream:gxv3611hd\/ll:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3615w\/p
    cpe:2.3:h:grandstream:gxv3615w\/p:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3615wp Hd
    cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3651fhd
    cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*
  • Grandstream/Gxv3662hd
    cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*
  • Grandstream/Gxv Device Firmware13 versions
    cpe:2.3:o:grandstream:gxv_device_firmware:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:o:grandstream:gxv_device_firmware:*:*:*:*:*:*:*:*range: <=1.0.4.43
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6:*:*:*:*:*:*:*
    • cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.