VAR-201507-0148
Vulnerability from variot - Updated: 2025-04-12 22:50SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. Grandstream GXV3611_HD Is a network camera for surveillance. Grandstream GXV3611_HD Is SQL There is an injection vulnerability. An attacker can use this vulnerability to SQL It is possible to perform injection attacks. CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') http://cwe.mitre.org/data/definitions/89.htmlBy a remote third party SQL By injection, the settings of the device may be viewed or changed. Grandstream GXV3611_HD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Grandstream GXV3611_HD 1.0.3.6 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gxv3611 hd",
"scope": "lte",
"trust": 1.0,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": "gxv3611 hd",
"scope": "eq",
"trust": 0.9,
"vendor": "grandstream",
"version": "1.0.3.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611 hd",
"scope": null,
"trust": 0.8,
"vendor": "grandstream",
"version": null
},
{
"model": "gxv3611 hd",
"scope": "lte",
"trust": 0.8,
"vendor": "grandstream",
"version": "version 1.0.3.6"
},
{
"model": "gxv3611 hd beta",
"scope": "lt",
"trust": 0.6,
"vendor": "grandstream",
"version": "1.0.3.9"
},
{
"model": "gxv3611 hd beta",
"scope": "ne",
"trust": 0.3,
"vendor": "grandstream",
"version": "1.0.3.9"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:grandstream:gxv3611_hd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:grandstream:gxv3611_hd_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Living Lab at IUPUI",
"sources": [
{
"db": "BID",
"id": "75580"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2866",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2866",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 3.8,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2866",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04400",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-80827",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2866",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2866",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-04400",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80827",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. Grandstream GXV3611_HD Is a network camera for surveillance. Grandstream GXV3611_HD Is SQL There is an injection vulnerability. An attacker can use this vulnerability to SQL It is possible to perform injection attacks. CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) http://cwe.mitre.org/data/definitions/89.htmlBy a remote third party SQL By injection, the settings of the device may be viewed or changed. Grandstream GXV3611_HD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nGrandstream GXV3611_HD 1.0.3.6 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2866"
},
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "VULHUB",
"id": "VHN-80827"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/253708",
"trust": 0.8,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-80827",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "VULHUB",
"id": "VHN-80827"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#253708",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2866",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "40441",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97426101",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04400",
"trust": 0.6
},
{
"db": "BID",
"id": "75580",
"trust": 0.4
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-80827",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"id": "VAR-201507-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
}
],
"trust": 1.175
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
}
]
},
"last_update_date": "2025-04-12T22:50:10.596000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for the Grandstream GXV3611_HD Camera SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04400"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/253708"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40441/"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2866"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97426101"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2866"
},
{
"trust": 0.3,
"url": "http://www.grandstream.com/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#253708"
},
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "VULHUB",
"id": "VHN-80827"
},
{
"db": "BID",
"id": "75580"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-07T00:00:00",
"db": "CERT/CC",
"id": "VU#253708"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"date": "2015-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80827"
},
{
"date": "2015-07-07T00:00:00",
"db": "BID",
"id": "75580"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"date": "2015-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"date": "2015-07-08T14:59:00.080000",
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-07T00:00:00",
"db": "CERT/CC",
"id": "VU#253708"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"date": "2017-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-80827"
},
{
"date": "2015-07-07T00:00:00",
"db": "BID",
"id": "75580"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003477"
},
{
"date": "2015-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-191"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grandstream GXV3611_HD Camera SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04400"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-191"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…