cvelistv5 - CVE-2007-4927

CVE-2007-4927 (GCVE-0-2007-4927)

Vulnerability from cvelistv5 – Published: 2007-09-18 18:00 – Updated: 2024-08-07 15:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/479600/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/3145	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/25678	vdb-entryx_refsource_BID
	http://airscanner.com/security/07080701_axis.htm	x_refsource_MISC
	http://www.securitytracker.com/id?1018699	vdb-entryx_refsource_SECTRACK
	http://www.informit.com/articles/article.aspx?p=1016102	x_refsource_MISC
	http://secunia.com/advisories/26831	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:26.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070915 Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
          },
          {
            "name": "3145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3145"
          },
          {
            "name": "25678",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25678"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://airscanner.com/security/07080701_axis.htm"
          },
          {
            "name": "1018699",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018699"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.informit.com/articles/article.aspx?p=1016102"
          },
          {
            "name": "26831",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26831"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070915 Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
        },
        {
          "name": "3145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3145"
        },
        {
          "name": "25678",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25678"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://airscanner.com/security/07080701_axis.htm"
        },
        {
          "name": "1018699",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018699"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.informit.com/articles/article.aspx?p=1016102"
        },
        {
          "name": "26831",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26831"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070915 Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
            },
            {
              "name": "3145",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3145"
            },
            {
              "name": "25678",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25678"
            },
            {
              "name": "http://airscanner.com/security/07080701_axis.htm",
              "refsource": "MISC",
              "url": "http://airscanner.com/security/07080701_axis.htm"
            },
            {
              "name": "1018699",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018699"
            },
            {
              "name": "http://www.informit.com/articles/article.aspx?p=1016102",
              "refsource": "MISC",
              "url": "http://www.informit.com/articles/article.aspx?p=1016102"
            },
            {
              "name": "26831",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26831"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4927",
    "datePublished": "2007-09-18T18:00:00",
    "dateReserved": "2007-09-18T00:00:00",
    "dateUpdated": "2024-08-07T15:17:26.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:axis:207w_network_camera:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14BB40E6-D830-453A-BE99-AD0C3E86EC07\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.\"}, {\"lang\": \"es\", \"value\": \"El axis-cgi/buffer/command.cgi en la c\\u00e1mara AXIS 207W permite a usuarios remotos autenticados provocar una denegaci\\u00f3n de servicio (reiniciar) a trav\\u00e9s de m\\u00faltiples peticiones con un \\u00fanico nombre de b\\u00fafer en el par\\u00e1metro buffername en la acci\\u00f3n de inicio.\"}]",
      "id": "CVE-2007-4927",
      "lastModified": "2024-11-21T00:36:44.437",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:N/A:P\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-09-18T18:17:00.000",
      "references": "[{\"url\": \"http://airscanner.com/security/07080701_axis.htm\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26831\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3145\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.informit.com/articles/article.aspx?p=1016102\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/479600/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25678\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1018699\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://airscanner.com/security/07080701_axis.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26831\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3145\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.informit.com/articles/article.aspx?p=1016102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/479600/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25678\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1018699\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4927\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-18T18:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.\"},{\"lang\":\"es\",\"value\":\"El axis-cgi/buffer/command.cgi en la c\u00e1mara AXIS 207W permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (reiniciar) a trav\u00e9s de m\u00faltiples peticiones con un \u00fanico nombre de b\u00fafer en el par\u00e1metro buffername en la acci\u00f3n de inicio.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:axis:207w_network_camera:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14BB40E6-D830-453A-BE99-AD0C3E86EC07\"}]}]}],\"references\":[{\"url\":\"http://airscanner.com/security/07080701_axis.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26831\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3145\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.informit.com/articles/article.aspx?p=1016102\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/479600/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25678\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1018699\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://airscanner.com/security/07080701_axis.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.informit.com/articles/article.aspx?p=1016102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/479600/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1018699\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-6MRG-72V5-5VGP

Vulnerability from github – Published: 2022-05-01 18:28 – Updated: 2022-05-01 18:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-18T18:17:00Z",
    "severity": "LOW"
  },
  "details": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.",
  "id": "GHSA-6mrg-72v5-5vgp",
  "modified": "2022-05-01T18:28:12Z",
  "published": "2022-05-01T18:28:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4927"
    },
    {
      "type": "WEB",
      "url": "http://airscanner.com/security/07080701_axis.htm"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26831"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3145"
    },
    {
      "type": "WEB",
      "url": "http://www.informit.com/articles/article.aspx?p=1016102"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25678"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018699"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200709-0161

Vulnerability from variot - Updated: 2023-12-18 12:12

axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action. Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: AXIS 207W Network Camera Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26831

VERIFY ADVISORY: http://secunia.com/advisories/26831/

CRITICAL: Less critical

IMPACT: Cross Site Scripting, DoS

WHERE:

From remote

OPERATING SYSTEM: Axis Network Camera http://secunia.com/product/908/

DESCRIPTION: Seth Fogie has reported some vulnerabilities in the AXIS 207W Network Camera, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, or by malicious users to cause a DoS (Denial of Service).

1) Input passed to the "camNo" parameter in incl/image_incl.shtml is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. reboot the camera, add a new administrator, or to install a backdoor by enticing a logged-in administrator to visit a malicious site.

3) An unspecified vulnerability exists within the axis-cgi/buffer/command.cgi script. This can be exploited to reboot the vulnerable system by issuing multiple HTTP requests (more than 129) for the affected script with the "do" parameter set to "start" and with an arbitrary value for the "buffername" parameter.

Successful exploitation of this vulnerability requires valid user credentials.

SOLUTION: Filter traffic to affected devices and do not visit untrusted web sites while being logged in to the device.

PROVIDED AND/OR DISCOVERED BY: Seth Fogie, Airscanner Mobile Security

ORIGINAL ADVISORY: http://airscanner.com/security/07080701_axis.htm

OTHER REFERENCES: http://www.informit.com/articles/article.aspx?p=1016102

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0161",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "207w network camera",
        "scope": null,
        "trust": 1.4,
        "vendor": "axis",
        "version": null
      },
      {
        "model": "207w network camera",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "axis",
        "version": "*"
      },
      {
        "model": "communications 207w network camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "axis",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:axis:207w_network_camera:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Seth Fogie\u203b contact@airscanner.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-4927",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-4927",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-28289",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4927",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200709-236",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28289",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action. Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. \nExploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nAXIS 207W Network Camera Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26831\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26831/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting, DoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nAxis Network Camera\nhttp://secunia.com/product/908/\n\nDESCRIPTION:\nSeth Fogie has reported some vulnerabilities in the AXIS 207W Network\nCamera, which can be exploited by malicious people to conduct\ncross-site scripting and cross-site request forgery attacks, or by\nmalicious users to cause a DoS (Denial of Service). \n\n1) Input passed to the \"camNo\" parameter in incl/image_incl.shtml is\nnot properly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\n2) The web interface allows users to perform certain actions via HTTP\nrequests without performing any validity checks to verify the request. \nThis can be exploited to e.g. reboot the camera, add a new\nadministrator, or to install a backdoor by enticing a logged-in\nadministrator to visit a malicious site. \n\n3) An unspecified vulnerability exists within the\naxis-cgi/buffer/command.cgi script. This can be exploited to reboot\nthe vulnerable system by issuing multiple HTTP requests (more than\n129) for the affected script with the \"do\" parameter set to \"start\"\nand with an arbitrary value for the \"buffername\" parameter. \n\nSuccessful exploitation of this vulnerability requires valid user\ncredentials. \n\nSOLUTION:\nFilter traffic to affected devices and do not visit untrusted web\nsites while being logged in to the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nSeth Fogie, Airscanner Mobile Security\n\nORIGINAL ADVISORY:\nhttp://airscanner.com/security/07080701_axis.htm\n\nOTHER REFERENCES:\nhttp://www.informit.com/articles/article.aspx?p=1016102\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "BID",
        "id": "25678"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "db": "PACKETSTORM",
        "id": "59326"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4927",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "25678",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26831",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1018699",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3145",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20070915 AXIS 207W WIRELESS CAMERA WEB INTERFACE - MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59326",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "db": "BID",
        "id": "25678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "PACKETSTORM",
        "id": "59326"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "id": "VAR-200709-0161",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:12:26.593000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.axis.com/techsup/software/acc/index.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://airscanner.com/security/07080701_axis.htm"
      },
      {
        "trust": 1.8,
        "url": "http://www.informit.com/articles/article.aspx?p=1016102"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25678"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018699"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26831"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3145"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4927"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4927"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/479600/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.axis.com/products/cam_207/index.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.informit.com/articles/article.aspx?p=1016102\u0026seqnum=1"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/479600"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/908/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26831/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "db": "BID",
        "id": "25678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "PACKETSTORM",
        "id": "59326"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "db": "BID",
        "id": "25678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "db": "PACKETSTORM",
        "id": "59326"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "date": "2007-09-14T00:00:00",
        "db": "BID",
        "id": "25678"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "date": "2007-09-18T14:57:18",
        "db": "PACKETSTORM",
        "id": "59326"
      },
      {
        "date": "2007-09-18T18:17:00",
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "date": "2007-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28289"
      },
      {
        "date": "2016-07-06T14:17:00",
        "db": "BID",
        "id": "25678"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      },
      {
        "date": "2018-10-15T21:38:53.067000",
        "db": "NVD",
        "id": "CVE-2007-4927"
      },
      {
        "date": "2007-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AXIS Camera  axis-cgi/buffer/command.cgi Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002640"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-236"
      }
    ],
    "trust": 0.6
  }
}

GSD-2007-4927

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4927

Aliases

CVE-2007-4927

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4927",
    "description": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.",
    "id": "GSD-2007-4927"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4927"
      ],
      "details": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.",
      "id": "GSD-2007-4927",
      "modified": "2023-12-13T01:21:36.873438Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4927",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070915 Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
          },
          {
            "name": "3145",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3145"
          },
          {
            "name": "25678",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25678"
          },
          {
            "name": "http://airscanner.com/security/07080701_axis.htm",
            "refsource": "MISC",
            "url": "http://airscanner.com/security/07080701_axis.htm"
          },
          {
            "name": "1018699",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018699"
          },
          {
            "name": "http://www.informit.com/articles/article.aspx?p=1016102",
            "refsource": "MISC",
            "url": "http://www.informit.com/articles/article.aspx?p=1016102"
          },
          {
            "name": "26831",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26831"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:axis:207w_network_camera:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4927"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://airscanner.com/security/07080701_axis.htm",
              "refsource": "MISC",
              "tags": [],
              "url": "http://airscanner.com/security/07080701_axis.htm"
            },
            {
              "name": "http://www.informit.com/articles/article.aspx?p=1016102",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.informit.com/articles/article.aspx?p=1016102"
            },
            {
              "name": "25678",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/25678"
            },
            {
              "name": "1018699",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018699"
            },
            {
              "name": "26831",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26831"
            },
            {
              "name": "3145",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3145"
            },
            {
              "name": "20070915 Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:38Z",
      "publishedDate": "2007-09-18T18:17Z"
    }
  }
}

FKIE_CVE-2007-4927

Vulnerability from fkie_nvd - Published: 2007-09-18 18:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://airscanner.com/security/07080701_axis.htm
cve@mitre.org	http://secunia.com/advisories/26831
cve@mitre.org	http://securityreason.com/securityalert/3145
cve@mitre.org	http://www.informit.com/articles/article.aspx?p=1016102
cve@mitre.org	http://www.securityfocus.com/archive/1/479600/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25678	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1018699
af854a3a-2127-422b-91ae-364da2661108	http://airscanner.com/security/07080701_axis.htm
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26831
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3145
af854a3a-2127-422b-91ae-364da2661108	http://www.informit.com/articles/article.aspx?p=1016102
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/479600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25678	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018699

Impacted products

	Vendor	Product	Version
	axis	207w_network_camera	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:axis:207w_network_camera:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14BB40E6-D830-453A-BE99-AD0C3E86EC07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action."
    },
    {
      "lang": "es",
      "value": "El axis-cgi/buffer/command.cgi en la c\u00e1mara AXIS 207W permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (reiniciar) a trav\u00e9s de m\u00faltiples peticiones con un \u00fanico nombre de b\u00fafer en el par\u00e1metro buffername en la acci\u00f3n de inicio."
    }
  ],
  "id": "CVE-2007-4927",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-18T18:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://airscanner.com/security/07080701_axis.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26831"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.informit.com/articles/article.aspx?p=1016102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25678"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://airscanner.com/security/07080701_axis.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.informit.com/articles/article.aspx?p=1016102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/479600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018699"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4927 (GCVE-0-2007-4927)

GHSA-6MRG-72V5-5VGP

VAR-200709-0161

GSD-2007-4927

FKIE_CVE-2007-4927

Tags

Sightings

Nomenclature