cve/2015/CVE-2015-2866.md

CVE-2015-2866

Description

SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.

POC

Reference

• http://www.kb.cert.org/vuls/id/253708
• https://www.exploit-db.com/exploits/40441/

Github

• https://github.com/ARPSyndicate/cvemon