Search criteria
21 vulnerabilities found for 2110_network_camera by axis
FKIE_CVE-2007-2239
Vulnerability from fkie_nvd - Published: 2007-05-07 19:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * | |
| axis | 2110_network_camera | * | |
| axis | 2120_network_camera | * | |
| axis | 2130_ptz_network_camera | * | |
| axis | 2400_video_server | * | |
| axis | 2401_video_server | * | |
| axis | 2411_video_server | * | |
| axis | 2420-ir_network_camera | * | |
| axis | 2420_network_camera | * | |
| axis | panorama_ptz_camera | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1571CD-BD03-439E-8E63-9684843B2797",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77ED11B9-32FF-40E8-B67B-3EAD53AC2BF1",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73E31DBA-0684-4530-BF0D-805642FF7A66",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "895BD791-C0F2-4531-8A12-902061617C7E",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81454CC0-FE25-4C13-876B-53D1CF8249A2",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F113DC5-74ED-48C8-AEEA-3CBA0A2A717F",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2104BD1B-B7B3-40F2-9402-38225FA9785D",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420-ir_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15C0AAB0-C5F5-42F5-85A2-816531B52961",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85522A-D180-4F81-9D5F-FFC092E6EA79",
"versionEndIncluding": "2.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:panorama_ptz_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5697A2-84B1-4BDC-9BCC-544BDCDA1AAE",
"versionEndIncluding": "2.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el m\u00e9todo SaveBMP en el control ActiveX AXIS Camera Control (tambi\u00e9n conocido como CamImage) anterior a 2.40.0.0 en AxisCamControl.ocx en AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, y Panorama PTZ permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida del Internet Explorer) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos largos."
}
],
"id": "CVE-2007-2239",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-07T19:19:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://osvdb.org/35602"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25093"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2426
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "693571B9-BADF-4659-95D0-F08BF32F8C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A80666-C318-416B-A440-C99DB85739DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3198BD36-7585-493D-B767-188F86949046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "4891B49A-2957-4097-A0B9-12808956CDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC228FC3-3687-4FED-A684-203040EEE884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27F906AC-E00B-482E-82FE-1A50F118FDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA3628-81A6-4988-8A40-4A0581FDA493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "325D60DE-F689-4F76-ABB5-6065647A826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B19EA718-9899-4894-8EF2-E6C085804BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DD747-AA9A-4AC4-975C-0927C1637268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A67DEDC-9269-4510-9F78-587879376A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "B011DC65-EE78-49C2-B813-2381A06F6617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5DEA84-37AD-4040-817D-928371236987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "208DC45A-4E9C-4B6E-A984-C598485CB08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E1975F46-53D7-4C80-914C-3E5E85870191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "802A9E89-4715-4CB9-A371-5407A7320D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61B77020-D355-4179-ADEC-B0C59AB86478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80523474-5361-464C-9588-6C55EA40E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA38241-A7D8-4A73-833E-3DF470624163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12B56127-2DC3-4718-96F9-54FF156698BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9034743F-699F-40A6-8D53-6631C78281FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
],
"id": "CVE-2004-2426",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9122"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2425
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "693571B9-BADF-4659-95D0-F08BF32F8C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A80666-C318-416B-A440-C99DB85739DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3198BD36-7585-493D-B767-188F86949046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "4891B49A-2957-4097-A0B9-12808956CDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC228FC3-3687-4FED-A684-203040EEE884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27F906AC-E00B-482E-82FE-1A50F118FDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA3628-81A6-4988-8A40-4A0581FDA493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "325D60DE-F689-4F76-ABB5-6065647A826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B19EA718-9899-4894-8EF2-E6C085804BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DD747-AA9A-4AC4-975C-0927C1637268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A67DEDC-9269-4510-9F78-587879376A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "B011DC65-EE78-49C2-B813-2381A06F6617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5DEA84-37AD-4040-817D-928371236987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "208DC45A-4E9C-4B6E-A984-C598485CB08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E1975F46-53D7-4C80-914C-3E5E85870191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "802A9E89-4715-4CB9-A371-5407A7320D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61B77020-D355-4179-ADEC-B0C59AB86478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80523474-5361-464C-9588-6C55EA40E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA38241-A7D8-4A73-833E-3DF470624163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12B56127-2DC3-4718-96F9-54FF156698BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9034743F-699F-40A6-8D53-6631C78281FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
],
"id": "CVE-2004-2425",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9121"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2427
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "693571B9-BADF-4659-95D0-F08BF32F8C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A80666-C318-416B-A440-C99DB85739DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3198BD36-7585-493D-B767-188F86949046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "4891B49A-2957-4097-A0B9-12808956CDB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC228FC3-3687-4FED-A684-203040EEE884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27F906AC-E00B-482E-82FE-1A50F118FDEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95FA3628-81A6-4988-8A40-4A0581FDA493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "325D60DE-F689-4F76-ABB5-6065647A826A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B19EA718-9899-4894-8EF2-E6C085804BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DD747-AA9A-4AC4-975C-0927C1637268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A67DEDC-9269-4510-9F78-587879376A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "B011DC65-EE78-49C2-B813-2381A06F6617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5DEA84-37AD-4040-817D-928371236987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "208DC45A-4E9C-4B6E-A984-C598485CB08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E1975F46-53D7-4C80-914C-3E5E85870191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "802A9E89-4715-4CB9-A371-5407A7320D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61B77020-D355-4179-ADEC-B0C59AB86478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80523474-5361-464C-9588-6C55EA40E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA38241-A7D8-4A73-833E-3DF470624163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "12B56127-2DC3-4718-96F9-54FF156698BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9034743F-699F-40A6-8D53-6631C78281FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
],
"id": "CVE-2004-2427",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9123"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9125"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9126"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9127"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9128"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9129"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/9130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/9130"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0789
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delegate:delegate:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9180C95-FF6F-4A0C-9DE0-DFF6D8387698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68FA1404-9FA2-4379-96BC-6D7970C0EAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EABEE7AB-7C45-473E-9873-0423F2249F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F66F57-6AEB-4E3C-B148-BC7D11E1EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "611AD3E5-708F-46BB-B21D-09598E1C4771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59AEEB-D524-4337-8962-B29863CBC889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15245AF-B9B6-4D46-A901-A781FC0BAF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A3E1EB-89A5-4326-8977-9B462065C39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD607D2-2B07-474B-A855-2C3319B42CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B4665-84C4-4129-9916-ABAC61B81FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4131A4A5-5D67-4522-9A6E-E708815B5B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C30DD0-C957-44BA-B44C-7B424E664B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E24A5-A864-4F42-A053-2FDA9D09A4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0993A56D-3A68-464A-B580-BE2EC3846F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF6186E-90D1-4D22-A469-0E955D5F1EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7323E750-C596-46FC-AA85-9271CC9C2CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7EA693-9873-4201-B66D-D0AC08E7F560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "022F8E8E-F6A1-4782-82D0-686E6FADCF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E269F0-8CFD-45DB-AF82-F9F57EDD0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "752CC26D-33D2-43F1-A43B-E101553895C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "317134CF-981A-44CC-B068-BA762AED5EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20BAB657-CAB8-4473-9EE5-5F725F2EB1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84D1387B-91E2-4AC8-B387-B50F4D7DFDC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19028501-E538-4F36-8DF7-3D2A76D86895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7173317-9F5E-4F80-A957-02084B8DC8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "297935D9-E108-4DB1-B4C8-2AC43DB6EA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "770BBF88-63D2-4AD6-B28F-5664DFFD746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45B16588-35CA-4640-8FA8-BC63D91C7416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA35F28-CAA5-4C03-ABB8-4647537CC8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAC824F-2031-4427-BF38-C32A7644D2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7884CCA6-2031-41DB-860D-AF18047AF617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A906D87C-5557-4FC0-BBF3-7169EF35DEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC34DC23-117A-403E-9C87-79B1C512A5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE559DF-3874-42E7-BB5B-8968E52D7A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11068A01-20FB-4039-8919-85CF93F0FF2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9435E392-AE02-48A8-9A2D-3D1593DA3DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B3D730-15C0-494A-A0B6-231C9F370A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A917E7C9-BC1A-4D62-9A89-9D73A748D926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A01622-5254-4B3B-9412-771BE7400FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3A5A98-3544-4A95-8436-0DF013B22CD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "BECF00EC-A188-4B7F-BA51-3AAC3B4195B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2370B5-681D-469F-B07C-B9212A975C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pliant:pliant_dns_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA13B142-71F9-475E-A28A-DDE94BE0E7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1930E3DE-67BE-41F2-B8E3-BA8E18762C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7DD08-C349-4687-8FAF-CCD211A9C166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.6:*:*:*:*:*:*:*",
"matchCriteriaId": "981611C8-B957-428B-9500-37C60AE0E7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D34782A9-4CCB-45AD-BA23-EE98EE218B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D2517-4EAF-4DB9-B0EE-51F65671D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA40391-39D5-4CB7-BB8E-048C4ECBC3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "135BFFE3-FF18-4462-9D19-2DF986E947DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD907CE8-E0CD-46AA-A9E4-3D0FA3939DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:m5pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "530D1254-DC0A-4A7C-9520-D0F45B9AF278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:m5pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3BF047-0339-4064-9B3B-68E96F1AB1B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BC4C8-FB7B-4A88-B97B-984D9AA8EA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1D98E1-EBE1-4697-906F-E29C91D9074D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1_beta_a:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB1D7C0-E484-4441-AA68-FBA5A3309547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F0670C-C07E-4A84-952B-88200D2D9B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_993:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD8E2B-37BF-4989-ABF3-9EC8E6F1C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_995:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCFB397-9F5F-42F8-ABB3-9700F100D43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:team_johnlong:raidendnsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4967B8F-D25F-4B55-842E-0C7819EDA88A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F0C4C8-E648-4486-BFE3-23333FCFF118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "56647964-82B3-4A7A-BE0D-C252654F8CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B83A6F-1996-49B7-BA76-98B83548F289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "E021E51E-EA28-4E61-A08A-A590984A483E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "41CB517F-BDC9-40D0-AB0D-2DFC7669E8F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"id": "CVE-2004-0789",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13145"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0240
Vulnerability from fkie_nvd - Published: 2003-06-09 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * | |
| axis | 2110_network_camera | * | |
| axis | 2120_network_camera | * | |
| axis | 2130_ptz_network_camera | * | |
| axis | 2400_video_server | * | |
| axis | 2401_video_server | * | |
| axis | 2420_network_camera | * | |
| axis | 2460_network_dvr | * | |
| axis | 250s_video_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2570AC32-525A-47BD-B13E-EB9ED7A7A527",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3B8362-1E77-4F67-A9E9-B31B82980331",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1076E59E-8F35-46BF-A8AA-D3FF2F49879D",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A741E9C-25EE-47A2-AD5E-2B348F6D6AAA",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4DC4AC-6416-44B9-808E-CBE907687A35",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D42850B0-AE7D-457D-BF27-EF5B9F429CE3",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91A70331-0B56-44F2-8134-1346D60090DF",
"versionEndIncluding": "2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD23BD15-EEFB-490A-9253-46F1942EDC87",
"versionEndIncluding": "3.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B102633A-D63C-458F-BDE3-B9082166B9C6",
"versionEndIncluding": "3.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
},
{
"lang": "es",
"value": "Las capacidades de administraci\u00f3n basadas en web de varios productos Axis Network Camera permite que atacantes remotos se salten las restricciones de acceso y modifiquen la configuraci\u00f3n mediante una petici\u00f3n HTTP a admin/admin.shtml que contiene \u0027//\" (dos barras) al principio."
}
],
"id": "CVE-2003-0240",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-06-09T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/8876"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1006854"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4804"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/8876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1006854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-1543
Vulnerability from fkie_nvd - Published: 2001-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| axis | 2100_network_camera | * | |
| axis | 2110_network_camera | * | |
| axis | 2120_network_camera | * | |
| axis | neteye_200 | * | |
| axis | neteye_200\+ | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B973F5FD-AA57-498F-A3AA-A32EA6487738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6BCFB1-CD3D-4DAB-B8B4-BF3FDA37747E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9B7A07-8E5D-4207-890A-01E3AEDD98F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:neteye_200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "445FDFE9-2E6C-455F-9D04-26A733B70657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:neteye_200\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47CA2A9C-44C9-4BBB-8281-B27466F71DF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
],
"id": "CVE-2001-1543",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7665.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7665.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-2239 (GCVE-0-2007-2239)
Vulnerability from cvelistv5 – Published: 2007-05-07 19:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "axis-activex-savebmp-bo(34133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"refsource": "OSVDB",
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"name": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf",
"refsource": "CONFIRM",
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-2239",
"datePublished": "2007-05-07T19:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:27.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0789 (GCVE-0-2004-0789)
Vulnerability from cvelistv5 – Published: 2005-09-01 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:46.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11642"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"name": "http://www.posadis.org/advisories/pos_adv_006.txt",
"refsource": "CONFIRM",
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0789",
"datePublished": "2005-09-01T04:00:00",
"dateReserved": "2004-08-17T00:00:00",
"dateUpdated": "2024-08-08T00:31:46.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2426 (GCVE-0-2004-2426)
Vulnerability from cvelistv5 – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2426",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2425 (GCVE-0-2004-2425)
Vulnerability from cvelistv5 – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asix-command-execution(17076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2425",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2427 (GCVE-0-2004-2427)
Vulnerability from cvelistv5 – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9126",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2427",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1543 (GCVE-0-2001-1543)
Vulnerability from cvelistv5 – Published: 2005-07-14 04:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7665.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1543",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:08.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0240 (GCVE-0-2003-0240)
Vulnerability from cvelistv5 – Published: 2003-05-30 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1006854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0240",
"datePublished": "2003-05-30T04:00:00",
"dateReserved": "2003-05-01T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2239 (GCVE-0-2007-2239)
Vulnerability from nvd – Published: 2007-05-07 19:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "axis-activex-savebmp-bo(34133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "axis-activex-savebmp-bo(34133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34133"
},
{
"name": "35602",
"refsource": "OSVDB",
"url": "http://osvdb.org/35602"
},
{
"name": "ADV-2007-1663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1663"
},
{
"name": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf",
"refsource": "CONFIRM",
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf"
},
{
"name": "23816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23816"
},
{
"name": "VU#355809",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/355809"
},
{
"name": "25093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-2239",
"datePublished": "2007-05-07T19:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:27.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0789 (GCVE-0-2004-0789)
Vulnerability from nvd – Published: 2005-09-01 04:00 – Updated: 2024-08-08 00:31
VLAI?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:46.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11642"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"name": "http://www.posadis.org/advisories/pos_adv_006.txt",
"refsource": "CONFIRM",
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0789",
"datePublished": "2005-09-01T04:00:00",
"dateReserved": "2004-08-17T00:00:00",
"dateUpdated": "2024-08-08T00:31:46.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2426 (GCVE-0-2004-2426)
Vulnerability from nvd – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9122",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9122"
},
{
"name": "axis-directory-traversal(17079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2426",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2425 (GCVE-0-2004-2425)
Vulnerability from nvd – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asix-command-execution(17076)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asix-command-execution(17076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076"
},
{
"name": "9121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9121"
},
{
"name": "11011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11011"
},
{
"name": "20040831 Axis Network Camera and Video Server Security Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html"
},
{
"name": "12353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12353"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2425",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:13.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2427 (GCVE-0-2004-2427)
Vulnerability from nvd – Published: 2005-08-18 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9126",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9126"
},
{
"name": "9127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9127"
},
{
"name": "9129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9129"
},
{
"name": "9128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9128"
},
{
"name": "9125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9125"
},
{
"name": "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html"
},
{
"name": "9130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9130"
},
{
"name": "1011056",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011056"
},
{
"name": "9123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2427",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1543 (GCVE-0-2001-1543)
Vulnerability from nvd – Published: 2005-07-14 04:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7665.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7665.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1543",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:08.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0240 (GCVE-0-2003-0240)
Vulnerability from nvd – Published: 2003-05-30 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1006854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1006854",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006854"
},
{
"name": "axis-admin-authentication-bypass(12104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=329\u0026idxseccion=10"
},
{
"name": "7652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7652"
},
{
"name": "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105406374731579\u0026w=2"
},
{
"name": "VU#799060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/799060"
},
{
"name": "4804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4804"
},
{
"name": "8876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0240",
"datePublished": "2003-05-30T04:00:00",
"dateReserved": "2003-05-01T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}