Backdoor in Telnet Protocol
CVE-2013-3542, Backdoor in Telnet Protocol
Connect via the telnet protocol to any affected camera (the service is open by default).
Then enter the magic string !#/ as both Username and Password. You will get the admin panel settings menu. If you type "help", the following commands are shown:
help, quit, status, restart, restore, upgrade, tty_test
@@@ restore (Reset settings to factory default)
An attacker can take control of the device, which makes these devices very vulnerable.
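One way to detect use of this backdoor login in reassembled telnet traffic, given as an added example that is not part of the original advisory or any vendor code. It strips telnet negotiation bytes from the client-to-server stream and flags sessions where the magic string is sent on two consecutive lines; the function names, sample streams and source addresses are constructed for illustration.

```python
# Added example: flag telnet sessions that send the advisory's magic string twice.
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
MAGIC = b"!#/"  # magic string quoted in the advisory

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove telnet IAC command sequences (RFC 854) from a byte stream."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:
            break  # truncated command at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC)  # escaped literal 0xFF
            i += 2
        elif data[i + 1] in (WILL, WONT, DO, DONT):
            i += 3  # IAC <verb> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end == -1 else end + 2  # skip the whole subnegotiation
        else:
            i += 2  # two-byte command such as IAC NOP
    return bytes(out)

def client_lines(data: bytes) -> list:
    """Split the cleaned client stream into lines (CR LF, CR NUL or LF)."""
    clean = strip_telnet_negotiation(data).replace(b"\r\n", b"\n").replace(b"\r\x00", b"\n")
    return [ln.strip() for ln in clean.split(b"\n") if ln.strip()]

def uses_backdoor_login(client_stream: bytes) -> bool:
    """True if two consecutive client lines both equal the magic string."""
    lines = client_lines(client_stream)
    return any(a == MAGIC and b == MAGIC for a, b in zip(lines, lines[1:]))

# Constructed sample client-to-server streams keyed by source address (not real captures).
SAMPLES = {
    "10.0.0.5": b"\xff\xfb\x1f\xff\xfd\x03!#/\r\n!#/\r\nhelp\r\n",
    "10.0.0.9": b"\xff\xfd\x03admin\r\nhunter2\r\nstatus\r\n",
}

if __name__ == "__main__":
    for src, stream in SAMPLES.items():
        print(src, "ALERT" if uses_backdoor_login(stream) else "ok")
```

The check only sees what the capture contains, so it should complement, not replace, blocking TCP port 23 to the cameras at the network edge.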
Cross Site Scripting (XSS)
CVE-2013-3962, non-persistent Cross Site Scripting.
Cross Site Request Forgery (CSRF)
CVE-2013-3963, CSRF via GET method.
These cameras use a web interface which is prone to CSRF vulnerabilities.
A malicious user can attempt targeted attacks by sending a specially crafted CSRF vector, which allows web interface parameters to be manipulated. Enter the following URL to replicate the attack.
- 2013-05-31: Students open a ticket to notify Grandstream Customer Support of CVE-2013-3542.
- 2013-05-31: The Grandstream team reports it to technical support to analyze the vulnerability.
- 2013-06-11: Students open a ticket to notify Grandstream Customer Support of the CVE-2013-3962 and CVE-2013-3963 vulnerabilities.