The Grandstream GXV3611_HD is an IP network camera used for surveillance and security. It is vulnerable to a SQL injection attack.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2015-2866
The Grandstream GXV3611_HD camera with firmware version 220.127.116.11 or earlier does not correctly validate input in the username field of the telnet login. An attacker may exploit this weakness to execute a SQL injection attack on the camera's configuration.
A remote unauthenticated attacker may be able to perform a SQL injection to view or modify the configuration of the device.
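The class of flaw described above (CWE-89 in a login username field), as an added example that is not Grandstream's code: a login lookup built by string concatenation next to the parameterized form, with an allow-list check as defence in depth. The schema, function names and sample credentials are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for a device account store; the schema is assumed.
    # The password is kept in plaintext only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    # Weak form: the username becomes part of the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = ("SELECT name FROM users WHERE name = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_parameterized(db, username, password):
    # Hardened form: placeholders bind the input as data, never as syntax.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def valid_username(username):
    # Defence in depth: reject anything outside a short allow-list before
    # the value reaches the database layer at all.
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", username) is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "admin' --"  # constructed input containing SQL metacharacters
    print("concatenated accepts crafted name:",
          login_concatenated(db, crafted, "wrong"))
    print("parameterized accepts crafted name:",
          login_parameterized(db, crafted, "wrong"))
    print("allow-list accepts crafted name:", valid_username(crafted))
```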
Update the firmware.
Thanks to the Living Lab at IUPUI for reporting this vulnerability to us.
Date First Published: 2015-07-07
Date Last Updated: 2015-07-07 18:33 UTC