The Grandsteam GXV3611_HD is an IP network camera used for surveillance and security. The Grandsteam GXV3611_HD is vulnerable to a SQL injection attack.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2015-2866
The Grandstream GXV3611_HD camera with firmware of 220.127.116.11 or before does not correctly perform input validation on the username field of the telnet login. An attacker may exploit this weakness to execute a SQL injection attack on the camera's configuration.
A remote unauthenticated attacker may be able to perform a SQL injection to view or modify the configuration of the device.
Update the firmware
Thanks to the Living Lab at IUPUI for reporting this vulnerability to us.
This document was written by Garret Wassermann.
|Date First Published:||2015-07-07|
|Date Last Updated:||2015-07-07 18:33 UTC|