CVE-2013-3542

CRITICAL

Grandstream Gxv3501 Firmware - Hard-coded Credentials

Title source: rule
STIX 2.1

Description

Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2013/Jun/84
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=XkCBs4lenhI

Scores

CVSS v3 10.0
EPSS 0.0260
EPSS Percentile 83.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (13)
grandstream/gxv3500_firmware 1.0.4.11
grandstream/gxv3501_firmware 1.0.4.11
grandstream/gxv3504_firmware 1.0.4.11
grandstream/gxv3601_firmware 1.0.4.11
grandstream/gxv3601hd_firmware 1.0.4.11
grandstream/gxv3601ll_firmware 1.0.4.11
grandstream/gxv3611hd_firmware 1.0.4.11
grandstream/gxv3611ll_firmware 1.0.4.11
grandstream/gxv3615p_firmware 1.0.4.11
grandstream/gxv3615w_firmware 1.0.4.11
... and 3 more
Published Dec 11, 2019
Tracked Since Feb 18, 2026