Search criteria
30 vulnerabilities found for 2100_network_camera by axis
FKIE_CVE-2007-5212
Vulnerability from fkie_nvd - Published: 2007-10-04 23:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | 2.02 | |
| axis | 2100_network_camera_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B83A6F-1996-49B7-BA76-98B83548F289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "541AA285-A04A-4102-BEA7-EDC522B78A01",
"versionEndIncluding": "2.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en AXIS 2100 Network Camera 2.02 con firmware anterior a 2.43 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) par\u00e1metros asociados configuraciones guardadas, como ha sido demostrado por el par\u00e1metro conf_SMTP_MailServer1 a ServerManager.srv; o (2) el par\u00e1metro subpage a wizard/first/wizard_main_first.shtml. NOTA: un atacante podr\u00eda aprovechar una vulnerabilidad CSRF para modificar configuraciones guardadas."
}
],
"id": "CVE-2007-5212",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-04T23:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38795"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38796"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3188"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5213
Vulnerability from fkie_nvd - Published: 2007-10-04 23:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | 2.02 | |
| axis | 2100_network_camera_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B83A6F-1996-49B7-BA76-98B83548F289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "541AA285-A04A-4102-BEA7-EDC522B78A01",
"versionEndIncluding": "2.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en AXIS 2100 Network Camera 2.02 con firmware 2.43 y anteriores permite a atacantes remotos llevar a cabo acciones como administrador, como ha sido demostrado por (1) un cambio del servidor SMTP a trav\u00e9s del par\u00e1metro conf_SMTP_MailServer1 a ServerManager.srv y (2) un cambio del nombre de m\u00e1quina a trav\u00e9s del par\u00e1metro conf_Network_HostName en la p\u00e1gina Network."
}
],
"id": "CVE-2007-5213",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-04T23:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39490"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39491"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3188"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5214
Vulnerability from fkie_nvd - Published: 2007-10-04 23:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:firmware_2.43:*:*:*:*:*",
"matchCriteriaId": "C6D31951-CD01-46EE-B743-12E8EC69B060",
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en AXIS 2100 Network Camera 2.02 con firmware 2.43 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) el PATH_INFO al URI por defecto asociado con un directorio, como ha sido demostrado por (a) el directorio ra\u00edz y (b) el directorio view/; (2) par\u00e1metros asociados con configuraciones guardadas, como ha sido demostrado por (c) el par\u00e1metro conf_Network_HostName en la p\u00e1gina Network y (d) el par\u00e1metro conf_Layout_OwnTitle a ServerManager.srv; y (3) la cadena de petici\u00f3n a ServerManager.srv, la cual se muestra en la p\u00e1gina de logs. NOTA: un atacantes podr\u00eda aprovechar una vulnerabilidad CSRF para modificar las configuraciones guardadas."
}
],
"id": "CVE-2007-5214",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-04T23:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39492"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39493"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39494"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39495"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3188"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2239
Vulnerability from fkie_nvd - Published: 2007-05-07 19:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * | |
| axis | 2110_network_camera | * | |
| axis | 2120_network_camera | * | |
| axis | 2130_ptz_network_camera | * | |
| axis | 2400_video_server | * | |
| axis | 2401_video_server | * | |
| axis | 2411_video_server | * | |
| axis | 2420-ir_network_camera | * | |
| axis | 2420_network_camera | * | |
| axis | panorama_ptz_camera | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1571CD-BD03-439E-8E63-9684843B2797",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77ED11B9-32FF-40E8-B67B-3EAD53AC2BF1",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E31DBA-0684-4530-BF0D-805642FF7A66",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "895BD791-C0F2-4531-8A12-902061617C7E",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81454CC0-FE25-4C13-876B-53D1CF8249A2",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F113DC5-74ED-48C8-AEEA-3CBA0A2A717F",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2104BD1B-B7B3-40F2-9402-38225FA9785D",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420-ir_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15C0AAB0-C5F5-42F5-85A2-816531B52961",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85522A-D180-4F81-9D5F-FFC092E6EA79",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:panorama_ptz_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5697A2-84B1-4BDC-9BCC-544BDCDA1AAE",
"versionEndIncluding": "2.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el m\u00e9todo SaveBMP en el control ActiveX AXIS Camera Control (tambi\u00e9n conocido como CamImage) anterior a 2.40.0.0 en AxisCamControl.ocx en AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, y Panorama PTZ permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida del Internet Explorer) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos largos."
}
],
"id": "CVE-2007-2239",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-07T19:19:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://osvdb.org/35602"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25093"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2426
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "693571B9-BADF-4659-95D0-F08BF32F8C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A80666-C318-416B-A440-C99DB85739DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3198BD36-7585-493D-B767-188F86949046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "4891B49A-2957-4097-A0B9-12808956CDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC228FC3-3687-4FED-A684-203040EEE884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27F906AC-E00B-482E-82FE-1A50F118FDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA3628-81A6-4988-8A40-4A0581FDA493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "325D60DE-F689-4F76-ABB5-6065647A826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B19EA718-9899-4894-8EF2-E6C085804BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DD747-AA9A-4AC4-975C-0927C1637268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A67DEDC-9269-4510-9F78-587879376A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "B011DC65-EE78-49C2-B813-2381A06F6617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5DEA84-37AD-4040-817D-928371236987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "208DC45A-4E9C-4B6E-A984-C598485CB08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E1975F46-53D7-4C80-914C-3E5E85870191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "802A9E89-4715-4CB9-A371-5407A7320D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61B77020-D355-4179-ADEC-B0C59AB86478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80523474-5361-464C-9588-6C55EA40E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA38241-A7D8-4A73-833E-3DF470624163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12B56127-2DC3-4718-96F9-54FF156698BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9034743F-699F-40A6-8D53-6631C78281FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
],
"id": "CVE-2004-2426",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9122"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2427
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "693571B9-BADF-4659-95D0-F08BF32F8C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A80666-C318-416B-A440-C99DB85739DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3198BD36-7585-493D-B767-188F86949046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "4891B49A-2957-4097-A0B9-12808956CDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC228FC3-3687-4FED-A684-203040EEE884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27F906AC-E00B-482E-82FE-1A50F118FDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA3628-81A6-4988-8A40-4A0581FDA493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "325D60DE-F689-4F76-ABB5-6065647A826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B19EA718-9899-4894-8EF2-E6C085804BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DD747-AA9A-4AC4-975C-0927C1637268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A67DEDC-9269-4510-9F78-587879376A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "B011DC65-EE78-49C2-B813-2381A06F6617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5DEA84-37AD-4040-817D-928371236987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "208DC45A-4E9C-4B6E-A984-C598485CB08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E1975F46-53D7-4C80-914C-3E5E85870191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "802A9E89-4715-4CB9-A371-5407A7320D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61B77020-D355-4179-ADEC-B0C59AB86478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80523474-5361-464C-9588-6C55EA40E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA38241-A7D8-4A73-833E-3DF470624163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12B56127-2DC3-4718-96F9-54FF156698BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9034743F-699F-40A6-8D53-6631C78281FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
],
"id": "CVE-2004-2427",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9123"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9125"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9126"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9127"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9128"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9129"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/9130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/9130"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0789
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delegate:delegate:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9180C95-FF6F-4A0C-9DE0-DFF6D8387698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68FA1404-9FA2-4379-96BC-6D7970C0EAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EABEE7AB-7C45-473E-9873-0423F2249F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F66F57-6AEB-4E3C-B148-BC7D11E1EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "611AD3E5-708F-46BB-B21D-09598E1C4771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59AEEB-D524-4337-8962-B29863CBC889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15245AF-B9B6-4D46-A901-A781FC0BAF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A3E1EB-89A5-4326-8977-9B462065C39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD607D2-2B07-474B-A855-2C3319B42CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B4665-84C4-4129-9916-ABAC61B81FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4131A4A5-5D67-4522-9A6E-E708815B5B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C30DD0-C957-44BA-B44C-7B424E664B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E24A5-A864-4F42-A053-2FDA9D09A4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0993A56D-3A68-464A-B580-BE2EC3846F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF6186E-90D1-4D22-A469-0E955D5F1EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7323E750-C596-46FC-AA85-9271CC9C2CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7EA693-9873-4201-B66D-D0AC08E7F560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "022F8E8E-F6A1-4782-82D0-686E6FADCF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E269F0-8CFD-45DB-AF82-F9F57EDD0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "752CC26D-33D2-43F1-A43B-E101553895C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "317134CF-981A-44CC-B068-BA762AED5EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20BAB657-CAB8-4473-9EE5-5F725F2EB1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84D1387B-91E2-4AC8-B387-B50F4D7DFDC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19028501-E538-4F36-8DF7-3D2A76D86895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7173317-9F5E-4F80-A957-02084B8DC8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "297935D9-E108-4DB1-B4C8-2AC43DB6EA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "770BBF88-63D2-4AD6-B28F-5664DFFD746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45B16588-35CA-4640-8FA8-BC63D91C7416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA35F28-CAA5-4C03-ABB8-4647537CC8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAC824F-2031-4427-BF38-C32A7644D2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7884CCA6-2031-41DB-860D-AF18047AF617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A906D87C-5557-4FC0-BBF3-7169EF35DEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC34DC23-117A-403E-9C87-79B1C512A5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE559DF-3874-42E7-BB5B-8968E52D7A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11068A01-20FB-4039-8919-85CF93F0FF2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9435E392-AE02-48A8-9A2D-3D1593DA3DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B3D730-15C0-494A-A0B6-231C9F370A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A917E7C9-BC1A-4D62-9A89-9D73A748D926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A01622-5254-4B3B-9412-771BE7400FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3A5A98-3544-4A95-8436-0DF013B22CD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "BECF00EC-A188-4B7F-BA51-3AAC3B4195B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2370B5-681D-469F-B07C-B9212A975C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pliant:pliant_dns_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA13B142-71F9-475E-A28A-DDE94BE0E7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1930E3DE-67BE-41F2-B8E3-BA8E18762C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7DD08-C349-4687-8FAF-CCD211A9C166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.6:*:*:*:*:*:*:*",
"matchCriteriaId": "981611C8-B957-428B-9500-37C60AE0E7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D34782A9-4CCB-45AD-BA23-EE98EE218B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D2517-4EAF-4DB9-B0EE-51F65671D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA40391-39D5-4CB7-BB8E-048C4ECBC3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "135BFFE3-FF18-4462-9D19-2DF986E947DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD907CE8-E0CD-46AA-A9E4-3D0FA3939DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:m5pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "530D1254-DC0A-4A7C-9520-D0F45B9AF278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:m5pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3BF047-0339-4064-9B3B-68E96F1AB1B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BC4C8-FB7B-4A88-B97B-984D9AA8EA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1D98E1-EBE1-4697-906F-E29C91D9074D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1_beta_a:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB1D7C0-E484-4441-AA68-FBA5A3309547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F0670C-C07E-4A84-952B-88200D2D9B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_993:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD8E2B-37BF-4989-ABF3-9EC8E6F1C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_995:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCFB397-9F5F-42F8-ABB3-9700F100D43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:team_johnlong:raidendnsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4967B8F-D25F-4B55-842E-0C7819EDA88A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F0C4C8-E648-4486-BFE3-23333FCFF118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "56647964-82B3-4A7A-BE0D-C252654F8CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B83A6F-1996-49B7-BA76-98B83548F289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "E021E51E-EA28-4E61-A08A-A590984A483E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "41CB517F-BDC9-40D0-AB0D-2DFC7669E8F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"id": "CVE-2004-0789",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13145"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2425
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "693571B9-BADF-4659-95D0-F08BF32F8C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A80666-C318-416B-A440-C99DB85739DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3198BD36-7585-493D-B767-188F86949046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "4891B49A-2957-4097-A0B9-12808956CDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC228FC3-3687-4FED-A684-203040EEE884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27F906AC-E00B-482E-82FE-1A50F118FDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA3628-81A6-4988-8A40-4A0581FDA493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "325D60DE-F689-4F76-ABB5-6065647A826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B19EA718-9899-4894-8EF2-E6C085804BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DD747-AA9A-4AC4-975C-0927C1637268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A67DEDC-9269-4510-9F78-587879376A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "B011DC65-EE78-49C2-B813-2381A06F6617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5DEA84-37AD-4040-817D-928371236987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "208DC45A-4E9C-4B6E-A984-C598485CB08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E1975F46-53D7-4C80-914C-3E5E85870191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "802A9E89-4715-4CB9-A371-5407A7320D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61B77020-D355-4179-ADEC-B0C59AB86478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80523474-5361-464C-9588-6C55EA40E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA38241-A7D8-4A73-833E-3DF470624163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12B56127-2DC3-4718-96F9-54FF156698BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9034743F-699F-40A6-8D53-6631C78281FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
],
"id": "CVE-2004-2425",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9121"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0240
Vulnerability from fkie_nvd - Published: 2003-06-09 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * | |
| axis | 2110_network_camera | * | |
| axis | 2120_network_camera | * | |
| axis | 2130_ptz_network_camera | * | |
| axis | 2400_video_server | * | |
| axis | 2401_video_server | * | |
| axis | 2420_network_camera | * | |
| axis | 2460_network_dvr | * | |
| axis | 250s_video_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2570AC32-525A-47BD-B13E-EB9ED7A7A527",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3B8362-1E77-4F67-A9E9-B31B82980331",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1076E59E-8F35-46BF-A8AA-D3FF2F49879D",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A741E9C-25EE-47A2-AD5E-2B348F6D6AAA",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4DC4AC-6416-44B9-808E-CBE907687A35",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D42850B0-AE7D-457D-BF27-EF5B9F429CE3",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91A70331-0B56-44F2-8134-1346D60090DF",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD23BD15-EEFB-490A-9253-46F1942EDC87",
"versionEndIncluding": "3.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B102633A-D63C-458F-BDE3-B9082166B9C6",
"versionEndIncluding": "3.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
},
{
"lang": "es",
"value": "Las capacidades de administraci\u00f3n basadas en web de varios productos Axis Network Camera permite que atacantes remotos se salten las restricciones de acceso y modifiquen la configuraci\u00f3n mediante una petici\u00f3n HTTP a admin/admin.shtml que contiene \u0027//\" (dos barras) al principio."
}
],
"id": "CVE-2003-0240",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/8876"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1006854"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4804"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/8876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1006854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-1543
Vulnerability from fkie_nvd - Published: 2001-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * | |
| axis | 2110_network_camera | * | |
| axis | 2120_network_camera | * | |
| axis | neteye_200 | * | |
| axis | neteye_200\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B973F5FD-AA57-498F-A3AA-A32EA6487738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6BCFB1-CD3D-4DAB-B8B4-BF3FDA37747E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9B7A07-8E5D-4207-890A-01E3AEDD98F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:neteye_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "445FDFE9-2E6C-455F-9D04-26A733B70657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:neteye_200\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47CA2A9C-44C9-4BBB-8281-B27466F71DF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
],
"id": "CVE-2001-1543",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7665.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7665.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-5212 (GCVE-0-2007-5212)
Vulnerability from cvelistv5 – Published: 2007-10-04 23:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38796"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38796"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38795",
"refsource": "OSVDB",
"url": "http://osvdb.org/38795"
},
{
"name": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "3188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "38796",
"refsource": "OSVDB",
"url": "http://osvdb.org/38796"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5212",
"datePublished": "2007-10-04T23:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5213 (GCVE-0-2007-5213)
Vulnerability from cvelistv5 – Published: 2007-10-04 23:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39490"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "39491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39491"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39490"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "39491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39491"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "39490",
"refsource": "OSVDB",
"url": "http://osvdb.org/39490"
},
{
"name": "3188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "39491",
"refsource": "OSVDB",
"url": "http://osvdb.org/39491"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5213",
"datePublished": "2007-10-04T23:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5214 (GCVE-0-2007-5214)
Vulnerability from cvelistv5 – Published: 2007-10-04 23:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "axis2100-logpage-xss(36842)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "39494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39494"
},
{
"name": "axis2100-networksettings-xss(36840)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "axis2100-videoviewing-xss(36841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"name": "39492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39492"
},
{
"name": "39495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "axis2100-logpage-xss(36842)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "39494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39494"
},
{
"name": "axis2100-networksettings-xss(36840)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "axis2100-videoviewing-xss(36841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"name": "39492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39492"
},
{
"name": "39495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39493",
"refsource": "OSVDB",
"url": "http://osvdb.org/39493"
},
{
"name": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "axis2100-logpage-xss(36842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"name": "3188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "39494",
"refsource": "OSVDB",
"url": "http://osvdb.org/39494"
},
{
"name": "axis2100-networksettings-xss(36840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"name": "25837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "axis2100-videoviewing-xss(36841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"name": "39492",
"refsource": "OSVDB",
"url": "http://osvdb.org/39492"
},
{
"name": "39495",
"refsource": "OSVDB",
"url": "http://osvdb.org/39495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5214",
"datePublished": "2007-10-04T23:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2239 (GCVE-0-2007-2239)
Vulnerability from cvelistv5 – Published: 2007-05-07 19:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "axis-activex-savebmp-bo(34133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"refsource": "OSVDB",
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"name": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf",
"refsource": "CONFIRM",
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-2239",
"datePublished": "2007-05-07T19:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:27.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0789 (GCVE-0-2004-0789)
Vulnerability from cvelistv5 – Published: 2005-09-01 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:46.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11642"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"name": "http://www.posadis.org/advisories/pos_adv_006.txt",
"refsource": "CONFIRM",
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0789",
"datePublished": "2005-09-01T04:00:00",
"dateReserved": "2004-08-17T00:00:00",
"dateUpdated": "2024-08-08T00:31:46.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2426 (GCVE-0-2004-2426)
Vulnerability from cvelistv5 – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2426",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2427 (GCVE-0-2004-2427)
Vulnerability from cvelistv5 – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9126",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2427",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2425 (GCVE-0-2004-2425)
Vulnerability from cvelistv5 – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asix-command-execution(17076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2425",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1543 (GCVE-0-2001-1543)
Vulnerability from cvelistv5 – Published: 2005-07-14 04:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7665.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1543",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:08.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0240 (GCVE-0-2003-0240)
Vulnerability from cvelistv5 – Published: 2003-05-30 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1006854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0240",
"datePublished": "2003-05-30T04:00:00",
"dateReserved": "2003-05-01T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5212 (GCVE-0-2007-5212)
Vulnerability from nvd – Published: 2007-10-04 23:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38796"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38795",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "38796",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38796"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38795",
"refsource": "OSVDB",
"url": "http://osvdb.org/38795"
},
{
"name": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "3188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "38796",
"refsource": "OSVDB",
"url": "http://osvdb.org/38796"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5212",
"datePublished": "2007-10-04T23:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5213 (GCVE-0-2007-5213)
Vulnerability from nvd – Published: 2007-10-04 23:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39490"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "39491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39491"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "39490",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39490"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "39491",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39491"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "39490",
"refsource": "OSVDB",
"url": "http://osvdb.org/39490"
},
{
"name": "3188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "25837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "39491",
"refsource": "OSVDB",
"url": "http://osvdb.org/39491"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5213",
"datePublished": "2007-10-04T23:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5214 (GCVE-0-2007-5214)
Vulnerability from nvd – Published: 2007-10-04 23:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "axis2100-logpage-xss(36842)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "39494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39494"
},
{
"name": "axis2100-networksettings-xss(36840)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "axis2100-videoviewing-xss(36841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"name": "39492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39492"
},
{
"name": "39495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39493",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "axis2100-logpage-xss(36842)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"name": "3188",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "39494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39494"
},
{
"name": "axis2100-networksettings-xss(36840)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"name": "25837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "axis2100-videoviewing-xss(36841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"name": "39492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39492"
},
{
"name": "39495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39493",
"refsource": "OSVDB",
"url": "http://osvdb.org/39493"
},
{
"name": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf"
},
{
"name": "axis2100-logpage-xss(36842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36842"
},
{
"name": "3188",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3188"
},
{
"name": "39494",
"refsource": "OSVDB",
"url": "http://osvdb.org/39494"
},
{
"name": "axis2100-networksettings-xss(36840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36840"
},
{
"name": "25837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25837"
},
{
"name": "axis2100-videoviewing-xss(36841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36841"
},
{
"name": "20070928 Owning Big Brother: How to Crack into Axis IP cameras",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"name": "39492",
"refsource": "OSVDB",
"url": "http://osvdb.org/39492"
},
{
"name": "39495",
"refsource": "OSVDB",
"url": "http://osvdb.org/39495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5214",
"datePublished": "2007-10-04T23:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2239 (GCVE-0-2007-2239)
Vulnerability from nvd – Published: 2007-05-07 19:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "axis-activex-savebmp-bo(34133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"refsource": "OSVDB",
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"name": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf",
"refsource": "CONFIRM",
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-2239",
"datePublished": "2007-05-07T19:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:27.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0789 (GCVE-0-2004-0789)
Vulnerability from nvd – Published: 2005-09-01 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:46.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11642"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"name": "http://www.posadis.org/advisories/pos_adv_006.txt",
"refsource": "CONFIRM",
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0789",
"datePublished": "2005-09-01T04:00:00",
"dateReserved": "2004-08-17T00:00:00",
"dateUpdated": "2024-08-08T00:31:46.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2426 (GCVE-0-2004-2426)
Vulnerability from nvd – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2426",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2427 (GCVE-0-2004-2427)
Vulnerability from nvd – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9126",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2427",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2425 (GCVE-0-2004-2425)
Vulnerability from nvd – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asix-command-execution(17076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2425",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1543 (GCVE-0-2001-1543)
Vulnerability from nvd – Published: 2005-07-14 04:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7665.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1543",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:08.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0240 (GCVE-0-2003-0240)
Vulnerability from nvd – Published: 2003-05-30 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1006854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0240",
"datePublished": "2003-05-30T04:00:00",
"dateReserved": "2003-05-01T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}