CVE-2015-2866

Grandstream Gxv3611 HD Firmware < 1.0.3.6 - SQL Injection

Title source: rule

Description

SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.

Exploits (1)

exploitdb WORKING POC

by pizza1337 · pythonremotehardware

https://www.exploit-db.com/exploits/40441

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40441/

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/253708

Scores

EPSS 0.0362

EPSS Percentile 87.8%

Details

CWE

CWE-89

Status published

Products (1)

grandstream/gxv3611_hd_firmware < 1.0.3.6

Published Jul 08, 2015

Tracked Since Feb 18, 2026