VAR-200710-0192
Vulnerability from variot - Updated: 2023-12-18 12:24Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. Exploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. These issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.6,
"vendor": "axis",
"version": "2.02"
},
{
"model": "2100 network camera",
"scope": "lte",
"trust": 1.0,
"vendor": "axis",
"version": "2.42"
},
{
"model": "2100 network camera",
"scope": "lt",
"trust": 0.8,
"vendor": "axis",
"version": "firmware"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 0.8,
"vendor": "axis",
"version": "2.02 2.43"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 0.6,
"vendor": "axis",
"version": "2.42"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.43"
}
],
"sources": [
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.42",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ProCheckUp is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "25837"
}
],
"trust": 0.3
},
"cve": "CVE-2007-5212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-5212",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-28574",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5212",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28574",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. \nExploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. \nThese issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "VULHUB",
"id": "VHN-28574"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5212",
"trust": 2.8
},
{
"db": "BID",
"id": "25837",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "38795",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "38796",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3188",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070928 OWNING BIG BROTHER: HOW TO CRACK INTO AXIS IP CAMERAS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28574",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"id": "VAR-200710-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:24:55.951000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.axis.com/index.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.procheckup.com/vulnerability_axis_2100_research.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25837"
},
{
"trust": 1.7,
"url": "http://osvdb.org/38795"
},
{
"trust": 1.7,
"url": "http://osvdb.org/38796"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3188"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5212"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5212"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/480995/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.axis.com/files/sales/improving_security_en_0710.pdf"
},
{
"trust": 0.3,
"url": "http://www.axis.com/products/camera_servers/index.htm"
},
{
"trust": 0.3,
"url": "http://www.axis.com/files/tech_notes/xss_axis2100_security_en_0711.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/480995"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-28574"
},
{
"date": "2007-09-27T00:00:00",
"db": "BID",
"id": "25837"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"date": "2007-10-04T23:17:00",
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"date": "2007-10-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28574"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "25837"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"date": "2018-10-15T21:41:16.087000",
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"date": "2007-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AXIX 2100 Network Camera Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…