var-200710-0192
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. Exploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. These issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.6,
"vendor": "axis",
"version": "2.02"
},
{
"model": "2100 network camera",
"scope": "lte",
"trust": 1.0,
"vendor": "axis",
"version": "2.42"
},
{
"model": "2100 network camera",
"scope": "lt",
"trust": 0.8,
"vendor": "axis",
"version": "firmware"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 0.8,
"vendor": "axis",
"version": "2.02 2.43"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 0.6,
"vendor": "axis",
"version": "2.42"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.43"
}
],
"sources": [
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.42",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ProCheckUp is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "25837"
}
],
"trust": 0.3
},
"cve": "CVE-2007-5212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-5212",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-28574",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5212",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-28574",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. \nExploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. \nThese issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "VULHUB",
"id": "VHN-28574"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5212",
"trust": 2.8
},
{
"db": "BID",
"id": "25837",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "38795",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "38796",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3188",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070928 OWNING BIG BROTHER: HOW TO CRACK INTO AXIS IP CAMERAS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28574",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"id": "VAR-200710-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:24:55.951000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.axis.com/index.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.procheckup.com/vulnerability_axis_2100_research.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25837"
},
{
"trust": 1.7,
"url": "http://osvdb.org/38795"
},
{
"trust": 1.7,
"url": "http://osvdb.org/38796"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3188"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5212"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5212"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/480995/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.axis.com/files/sales/improving_security_en_0710.pdf"
},
{
"trust": 0.3,
"url": "http://www.axis.com/products/camera_servers/index.htm"
},
{
"trust": 0.3,
"url": "http://www.axis.com/files/tech_notes/xss_axis2100_security_en_0711.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/480995"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28574"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-28574"
},
{
"date": "2007-09-27T00:00:00",
"db": "BID",
"id": "25837"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"date": "2007-10-04T23:17:00",
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"date": "2007-10-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28574"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "25837"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006178"
},
{
"date": "2018-10-15T21:41:16.087000",
"db": "NVD",
"id": "CVE-2007-5212"
},
{
"date": "2007-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AXIX 2100 Network Camera Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-071"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.