Vulnerabilites related to axis - 2490_serial_server
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
Impacted products
Vendor Product Version
axis 2100_network_camera 2.12
axis 2100_network_camera 2.30
axis 2100_network_camera 2.31
axis 2100_network_camera 2.32
axis 2100_network_camera 2.33
axis 2100_network_camera 2.34
axis 2100_network_camera 2.40
axis 2100_network_camera 2.41
axis 2110_network_camera 2.12
axis 2110_network_camera 2.30
axis 2110_network_camera 2.31
axis 2110_network_camera 2.32
axis 2110_network_camera 2.34
axis 2110_network_camera 2.40
axis 2110_network_camera 2.41
axis 2120_network_camera 2.12
axis 2120_network_camera 2.30
axis 2120_network_camera 2.31
axis 2120_network_camera 2.32
axis 2120_network_camera 2.34
axis 2120_network_camera 2.40
axis 2120_network_camera 2.41
axis 2130_ptz_network_camera 2.30
axis 2130_ptz_network_camera 2.31
axis 2130_ptz_network_camera 2.32
axis 2130_ptz_network_camera 2.34
axis 2130_ptz_network_camera 2.40
axis 230_mpeg2_video_server 3.11
axis 2400_video_server 1.1
axis 2400_video_server 1.2
axis 2400_video_server 1.10
axis 2400_video_server 1.11
axis 2400_video_server 1.12
axis 2400_video_server 1.15
axis 2400_video_server 2.0
axis 2400_video_server 2.20
axis 2400_video_server 2.30
axis 2400_video_server 2.31
axis 2400_video_server 2.32
axis 2400_video_server 2.33
axis 2400_video_server 2.34
axis 2400_video_server 3.11
axis 2400_video_server 3.12
axis 2401_video_server 1.0_1
axis 2401_video_server 1.15
axis 2401_video_server 2.20
axis 2401_video_server 2.30
axis 2401_video_server 2.31
axis 2401_video_server 2.32
axis 2401_video_server 2.33
axis 2401_video_server 2.34
axis 2401_video_server 3.12
axis 2401_video_server 3.13
axis 2411_video_server 3.12
axis 2411_video_server 3.13
axis 2420_network_camera 2.12
axis 2420_network_camera 2.30
axis 2420_network_camera 2.31
axis 2420_network_camera 2.32
axis 2420_network_camera 2.33
axis 2420_network_camera 2.34
axis 2420_network_camera 2.40
axis 2420_network_camera 2.41
axis 2420_video_server 2.32
axis 2420_video_server 2.34
axis 2460_network_dvr *
axis 2460_network_dvr 3.10
axis 2460_network_dvr 3.11
axis 2490_serial_server *
axis 2490_serial_server 2.11.3
axis 250s_video_server *
axis 250s_video_server 3.03
axis 250s_video_server 3.10
axis storpoint_cd *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "E06E7446-34EC-428A-82EE-2E24F2908C97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "5663D3D1-5962-4C43-B689-089EAFE25FD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "34EDC537-0EFF-46EA-8368-A690480E5D6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "39798220-4621-4C5D-B6A7-6639D02E0C07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E942419-3272-4267-AF23-4B6071D71277",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "3848A541-4F14-4E3B-99EE-B7C5A886C541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "34E980E1-62B8-4E37-AE9D-DFE033053620",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "693571B9-BADF-4659-95D0-F08BF32F8C0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9A80666-C318-416B-A440-C99DB85739DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "3198BD36-7585-493D-B767-188F86949046",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "4891B49A-2957-4097-A0B9-12808956CDB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC228FC3-3687-4FED-A684-203040EEE884",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "27F906AC-E00B-482E-82FE-1A50F118FDEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "95FA3628-81A6-4988-8A40-4A0581FDA493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "325D60DE-F689-4F76-ABB5-6065647A826A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "B19EA718-9899-4894-8EF2-E6C085804BFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16DD747-AA9A-4AC4-975C-0927C1637268",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A67DEDC-9269-4510-9F78-587879376A26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "81100E37-1B99-4317-829F-B4A2278FA323",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10321B16-1675-4609-8267-3971A9062AF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B011DC65-EE78-49C2-B813-2381A06F6617",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DEA84-37AD-4040-817D-928371236987",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "208DC45A-4E9C-4B6E-A984-C598485CB08E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1975F46-53D7-4C80-914C-3E5E85870191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "802A9E89-4715-4CB9-A371-5407A7320D13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B77020-D355-4179-ADEC-B0C59AB86478",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "46E11270-65DE-4C07-A103-66217691069E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "80523474-5361-464C-9588-6C55EA40E652",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFA38241-A7D8-4A73-833E-3DF470624163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "12B56127-2DC3-4718-96F9-54FF156698BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9034743F-699F-40A6-8D53-6631C78281FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
                     matchCriteriaId: "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.",
      },
   ],
   id: "CVE-2004-2427",
   lastModified: "2024-11-20T23:53:19.823",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://securitytracker.com/id?1011056",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9123",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9125",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9126",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9127",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9128",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9129",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/9130",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://securitytracker.com/id?1011056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9126",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9129",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.osvdb.org/9130",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Impacted products
Vendor Product Version
axis 2100_network_camera 2.12
axis 2100_network_camera 2.30
axis 2100_network_camera 2.31
axis 2100_network_camera 2.32
axis 2100_network_camera 2.33
axis 2100_network_camera 2.34
axis 2100_network_camera 2.40
axis 2100_network_camera 2.41
axis 2110_network_camera 2.12
axis 2110_network_camera 2.30
axis 2110_network_camera 2.31
axis 2110_network_camera 2.32
axis 2110_network_camera 2.34
axis 2110_network_camera 2.40
axis 2110_network_camera 2.41
axis 2120_network_camera 2.12
axis 2120_network_camera 2.30
axis 2120_network_camera 2.31
axis 2120_network_camera 2.32
axis 2120_network_camera 2.34
axis 2120_network_camera 2.40
axis 2120_network_camera 2.41
axis 2130_ptz_network_camera 2.30
axis 2130_ptz_network_camera 2.31
axis 2130_ptz_network_camera 2.32
axis 2130_ptz_network_camera 2.34
axis 2130_ptz_network_camera 2.40
axis 230_mpeg2_video_server 3.11
axis 2400_video_server 1.1
axis 2400_video_server 1.2
axis 2400_video_server 1.10
axis 2400_video_server 1.11
axis 2400_video_server 1.12
axis 2400_video_server 1.15
axis 2400_video_server 2.0
axis 2400_video_server 2.20
axis 2400_video_server 2.30
axis 2400_video_server 2.31
axis 2400_video_server 2.32
axis 2400_video_server 2.33
axis 2400_video_server 2.34
axis 2400_video_server 3.11
axis 2400_video_server 3.12
axis 2401_video_server 1.0_1
axis 2401_video_server 1.15
axis 2401_video_server 2.20
axis 2401_video_server 2.30
axis 2401_video_server 2.31
axis 2401_video_server 2.32
axis 2401_video_server 2.33
axis 2401_video_server 2.34
axis 2401_video_server 3.12
axis 2401_video_server 3.13
axis 2411_video_server 3.12
axis 2411_video_server 3.13
axis 2420_network_camera 2.12
axis 2420_network_camera 2.30
axis 2420_network_camera 2.31
axis 2420_network_camera 2.32
axis 2420_network_camera 2.33
axis 2420_network_camera 2.34
axis 2420_network_camera 2.40
axis 2420_network_camera 2.41
axis 2420_video_server 2.32
axis 2420_video_server 2.34
axis 2460_network_dvr *
axis 2460_network_dvr 3.10
axis 2460_network_dvr 3.11
axis 2490_serial_server *
axis 2490_serial_server 2.11.3
axis 250s_video_server *
axis 250s_video_server 3.03
axis 250s_video_server 3.10
axis storpoint_cd *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "E06E7446-34EC-428A-82EE-2E24F2908C97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "5663D3D1-5962-4C43-B689-089EAFE25FD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "34EDC537-0EFF-46EA-8368-A690480E5D6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "39798220-4621-4C5D-B6A7-6639D02E0C07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E942419-3272-4267-AF23-4B6071D71277",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "3848A541-4F14-4E3B-99EE-B7C5A886C541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "34E980E1-62B8-4E37-AE9D-DFE033053620",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "693571B9-BADF-4659-95D0-F08BF32F8C0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9A80666-C318-416B-A440-C99DB85739DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "3198BD36-7585-493D-B767-188F86949046",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "4891B49A-2957-4097-A0B9-12808956CDB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC228FC3-3687-4FED-A684-203040EEE884",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "27F906AC-E00B-482E-82FE-1A50F118FDEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "95FA3628-81A6-4988-8A40-4A0581FDA493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "325D60DE-F689-4F76-ABB5-6065647A826A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "B19EA718-9899-4894-8EF2-E6C085804BFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16DD747-AA9A-4AC4-975C-0927C1637268",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A67DEDC-9269-4510-9F78-587879376A26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "81100E37-1B99-4317-829F-B4A2278FA323",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10321B16-1675-4609-8267-3971A9062AF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B011DC65-EE78-49C2-B813-2381A06F6617",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DEA84-37AD-4040-817D-928371236987",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "208DC45A-4E9C-4B6E-A984-C598485CB08E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1975F46-53D7-4C80-914C-3E5E85870191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "802A9E89-4715-4CB9-A371-5407A7320D13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B77020-D355-4179-ADEC-B0C59AB86478",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "46E11270-65DE-4C07-A103-66217691069E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "80523474-5361-464C-9588-6C55EA40E652",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFA38241-A7D8-4A73-833E-3DF470624163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "12B56127-2DC3-4718-96F9-54FF156698BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9034743F-699F-40A6-8D53-6631C78281FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
                     matchCriteriaId: "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.",
      },
   ],
   id: "CVE-2004-2425",
   lastModified: "2024-11-20T23:53:19.487",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12353",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://securitytracker.com/id?1011056",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9121",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/11011",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12353",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://securitytracker.com/id?1011056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/11011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Impacted products
Vendor Product Version
axis 2100_network_camera 2.12
axis 2100_network_camera 2.30
axis 2100_network_camera 2.31
axis 2100_network_camera 2.32
axis 2100_network_camera 2.33
axis 2100_network_camera 2.34
axis 2100_network_camera 2.40
axis 2100_network_camera 2.41
axis 2110_network_camera 2.12
axis 2110_network_camera 2.30
axis 2110_network_camera 2.31
axis 2110_network_camera 2.32
axis 2110_network_camera 2.34
axis 2110_network_camera 2.40
axis 2110_network_camera 2.41
axis 2120_network_camera 2.12
axis 2120_network_camera 2.30
axis 2120_network_camera 2.31
axis 2120_network_camera 2.32
axis 2120_network_camera 2.34
axis 2120_network_camera 2.40
axis 2120_network_camera 2.41
axis 2130_ptz_network_camera 2.30
axis 2130_ptz_network_camera 2.31
axis 2130_ptz_network_camera 2.32
axis 2130_ptz_network_camera 2.34
axis 2130_ptz_network_camera 2.40
axis 230_mpeg2_video_server 3.11
axis 2400_video_server 1.1
axis 2400_video_server 1.2
axis 2400_video_server 1.10
axis 2400_video_server 1.11
axis 2400_video_server 1.12
axis 2400_video_server 1.15
axis 2400_video_server 2.0
axis 2400_video_server 2.20
axis 2400_video_server 2.30
axis 2400_video_server 2.31
axis 2400_video_server 2.32
axis 2400_video_server 2.33
axis 2400_video_server 2.34
axis 2400_video_server 3.11
axis 2400_video_server 3.12
axis 2401_video_server 1.0_1
axis 2401_video_server 1.15
axis 2401_video_server 2.20
axis 2401_video_server 2.30
axis 2401_video_server 2.31
axis 2401_video_server 2.32
axis 2401_video_server 2.33
axis 2401_video_server 2.34
axis 2401_video_server 3.12
axis 2401_video_server 3.13
axis 2411_video_server 3.12
axis 2411_video_server 3.13
axis 2420_network_camera 2.12
axis 2420_network_camera 2.30
axis 2420_network_camera 2.31
axis 2420_network_camera 2.32
axis 2420_network_camera 2.33
axis 2420_network_camera 2.34
axis 2420_network_camera 2.40
axis 2420_network_camera 2.41
axis 2420_video_server 2.32
axis 2420_video_server 2.34
axis 2460_network_dvr *
axis 2460_network_dvr 3.10
axis 2460_network_dvr 3.11
axis 2490_serial_server *
axis 2490_serial_server 2.11.3
axis 250s_video_server *
axis 250s_video_server 3.03
axis 250s_video_server 3.10
axis storpoint_cd *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "E06E7446-34EC-428A-82EE-2E24F2908C97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "5663D3D1-5962-4C43-B689-089EAFE25FD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "34EDC537-0EFF-46EA-8368-A690480E5D6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "39798220-4621-4C5D-B6A7-6639D02E0C07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E942419-3272-4267-AF23-4B6071D71277",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "3848A541-4F14-4E3B-99EE-B7C5A886C541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "34E980E1-62B8-4E37-AE9D-DFE033053620",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "693571B9-BADF-4659-95D0-F08BF32F8C0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9A80666-C318-416B-A440-C99DB85739DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "3198BD36-7585-493D-B767-188F86949046",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "4891B49A-2957-4097-A0B9-12808956CDB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "95849B6C-BA5C-4C47-8AD0-AB41C269FFA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC228FC3-3687-4FED-A684-203040EEE884",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "27F906AC-E00B-482E-82FE-1A50F118FDEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "540C4514-CC7D-4770-9DA8-8CE667CA00F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "95FA3628-81A6-4988-8A40-4A0581FDA493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "325D60DE-F689-4F76-ABB5-6065647A826A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "B19EA718-9899-4894-8EF2-E6C085804BFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "D16DD747-AA9A-4AC4-975C-0927C1637268",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A67DEDC-9269-4510-9F78-587879376A26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "8568E6B0-0016-40CC-BE22-BE3A2CE99C4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "238B59A2-F9C9-40CB-9700-831FE4B0AF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0C1C0AD-A638-45FC-ACAE-A7F056887025",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9F8BD2D-559E-4F01-A97E-AF51C7E61E4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40EB035-544F-4E0E-ADC0-9C63A5B91435",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7626B23F-1DC3-4CDC-A52F-5A1191D6D135",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "81100E37-1B99-4317-829F-B4A2278FA323",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10321B16-1675-4609-8267-3971A9062AF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B011DC65-EE78-49C2-B813-2381A06F6617",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA31BA47-991B-4F8C-881C-09D9C6210DF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEFEB8F2-0E37-450B-8390-5B055E3848F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E5DEA84-37AD-4040-817D-928371236987",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "208DC45A-4E9C-4B6E-A984-C598485CB08E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB14B0A4-F98A-4331-993A-C5CD70F3903F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6885E77-4FD0-4C37-ADEC-2A5F8791C161",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1975F46-53D7-4C80-914C-3E5E85870191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "77835F00-45F1-49CB-9D34-160F0FE1E3ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "802A9E89-4715-4CB9-A371-5407A7320D13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "61B77020-D355-4179-ADEC-B0C59AB86478",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "46E11270-65DE-4C07-A103-66217691069E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9D0B93D-00EC-4C5D-A173-34C28D20BF1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D3B41F-4705-4CCC-BE6F-F7193EB24F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "80523474-5361-464C-9588-6C55EA40E652",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFA38241-A7D8-4A73-833E-3DF470624163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "12B56127-2DC3-4718-96F9-54FF156698BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B3F1771-AB7A-417C-A996-B0B4E03E8126",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "87C5C780-BBDB-410C-AE9D-4E48EFE0D47F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9034743F-699F-40A6-8D53-6631C78281FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*",
                     matchCriteriaId: "37949AD3-54DE-4302-98AD-4EBFCF3CBB53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF5F2F9D-5D62-42FE-A60A-72C09E06E9DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7889BD02-DCDE-49F4-B432-DF9EB39C1251",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a ..  (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.",
      },
   ],
   id: "CVE-2004-2426",
   lastModified: "2024-11-20T23:53:19.660",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2004-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12353",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://securitytracker.com/id?1011056",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/9122",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/11011",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/12353",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://securitytracker.com/id?1011056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/9122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/11011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2004-2427
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
References
http://www.osvdb.org/9126vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/9127vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/9129vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/9128vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/9125vdb-entry, x_refsource_OSVDB
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.htmlmailing-list, x_refsource_FULLDISC
http://www.osvdb.org/9130vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1011056vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/9123vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:29:12.882Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "9126",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9126",
               },
               {
                  name: "9127",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9127",
               },
               {
                  name: "9129",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9129",
               },
               {
                  name: "9128",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9128",
               },
               {
                  name: "9125",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9125",
               },
               {
                  name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
               },
               {
                  name: "9130",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9130",
               },
               {
                  name: "1011056",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1011056",
               },
               {
                  name: "9123",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9123",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2007-01-17T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "9126",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9126",
            },
            {
               name: "9127",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9127",
            },
            {
               name: "9129",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9129",
            },
            {
               name: "9128",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9128",
            },
            {
               name: "9125",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9125",
            },
            {
               name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
            },
            {
               name: "9130",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9130",
            },
            {
               name: "1011056",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1011056",
            },
            {
               name: "9123",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9123",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-2427",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "9126",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9126",
                  },
                  {
                     name: "9127",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9127",
                  },
                  {
                     name: "9129",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9129",
                  },
                  {
                     name: "9128",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9128",
                  },
                  {
                     name: "9125",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9125",
                  },
                  {
                     name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
                  },
                  {
                     name: "9130",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9130",
                  },
                  {
                     name: "1011056",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1011056",
                  },
                  {
                     name: "9123",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9123",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-2427",
      datePublished: "2005-08-18T04:00:00",
      dateReserved: "2005-08-18T00:00:00",
      dateUpdated: "2024-08-08T01:29:12.882Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-2425
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/17076vdb-entry, x_refsource_XF
http://www.osvdb.org/9121vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/11011vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/12353third-party-advisory, x_refsource_SECUNIA
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.htmlmailing-list, x_refsource_FULLDISC
http://securitytracker.com/id?1011056vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:29:13.554Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "asix-command-execution(17076)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076",
               },
               {
                  name: "9121",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9121",
               },
               {
                  name: "11011",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11011",
               },
               {
                  name: "20040831 Axis Network Camera and Video Server Security Advisory",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
               },
               {
                  name: "12353",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12353",
               },
               {
                  name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
               },
               {
                  name: "1011056",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1011056",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "asix-command-execution(17076)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076",
            },
            {
               name: "9121",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9121",
            },
            {
               name: "11011",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11011",
            },
            {
               name: "20040831 Axis Network Camera and Video Server Security Advisory",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
            },
            {
               name: "12353",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12353",
            },
            {
               name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
            },
            {
               name: "1011056",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1011056",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-2425",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "asix-command-execution(17076)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17076",
                  },
                  {
                     name: "9121",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9121",
                  },
                  {
                     name: "11011",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11011",
                  },
                  {
                     name: "20040831 Axis Network Camera and Video Server Security Advisory",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
                  },
                  {
                     name: "12353",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12353",
                  },
                  {
                     name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
                  },
                  {
                     name: "1011056",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1011056",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-2425",
      datePublished: "2005-08-18T04:00:00",
      dateReserved: "2005-08-18T00:00:00",
      dateUpdated: "2024-08-08T01:29:13.554Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2004-2426
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
References
http://www.osvdb.org/9122vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/17079vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/11011vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/12353third-party-advisory, x_refsource_SECUNIA
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.htmlmailing-list, x_refsource_FULLDISC
http://securitytracker.com/id?1011056vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T01:29:12.892Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "9122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/9122",
               },
               {
                  name: "axis-directory-traversal(17079)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079",
               },
               {
                  name: "11011",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11011",
               },
               {
                  name: "20040831 Axis Network Camera and Video Server Security Advisory",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
               },
               {
                  name: "12353",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/12353",
               },
               {
                  name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
               },
               {
                  name: "1011056",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1011056",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-08-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a ..  (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "9122",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/9122",
            },
            {
               name: "axis-directory-traversal(17079)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079",
            },
            {
               name: "11011",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11011",
            },
            {
               name: "20040831 Axis Network Camera and Video Server Security Advisory",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
            },
            {
               name: "12353",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/12353",
            },
            {
               name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
            },
            {
               name: "1011056",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1011056",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-2426",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a ..  (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "9122",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/9122",
                  },
                  {
                     name: "axis-directory-traversal(17079)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17079",
                  },
                  {
                     name: "11011",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11011",
                  },
                  {
                     name: "20040831 Axis Network Camera and Video Server Security Advisory",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html",
                  },
                  {
                     name: "12353",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/12353",
                  },
                  {
                     name: "20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html",
                  },
                  {
                     name: "1011056",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1011056",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-2426",
      datePublished: "2005-08-18T04:00:00",
      dateReserved: "2005-08-18T00:00:00",
      dateUpdated: "2024-08-08T01:29:12.892Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}