var-200710-0193
Vulnerability from variot
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. AXIX 2100 Network Camera Contains a cross-site scripting vulnerability.An action could be taken by a third party as an administrator. Axis Communications 2100 Network Camera is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, multiple HTML-injection issues, and a cross-site request-forgery issue, because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. These issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.6,
"vendor": "axis",
"version": "2.02"
},
{
"model": "2100 network camera",
"scope": "lte",
"trust": 1.0,
"vendor": "axis",
"version": "2.42"
},
{
"model": "2100 network camera",
"scope": "lte",
"trust": 0.8,
"vendor": "axis",
"version": "2.02 and 2.43 firmware"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 0.6,
"vendor": "axis",
"version": "2.42"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.43"
}
],
"sources": [
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.42",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5213"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ProCheckUp is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "25837"
}
],
"trust": 0.3
},
"cve": "CVE-2007-5213",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-5213",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-28575",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5213",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-067",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-28575",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28575"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. AXIX 2100 Network Camera Contains a cross-site scripting vulnerability.An action could be taken by a third party as an administrator. Axis Communications 2100 Network Camera is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, multiple HTML-injection issues, and a cross-site request-forgery issue, because the application fails to properly sanitize user-supplied input. \nExploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. \nThese issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "VULHUB",
"id": "VHN-28575"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5213",
"trust": 2.8
},
{
"db": "BID",
"id": "25837",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "39490",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "39491",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3188",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070928 OWNING BIG BROTHER: HOW TO CRACK INTO AXIS IP CAMERAS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-067",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28575",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28575"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"id": "VAR-200710-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28575"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:24:55.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.axis.com/index.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28575"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "NVD",
"id": "CVE-2007-5213"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.procheckup.com/vulnerability_axis_2100_research.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25837"
},
{
"trust": 1.7,
"url": "http://osvdb.org/39490"
},
{
"trust": 1.7,
"url": "http://osvdb.org/39491"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3188"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5213"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5213"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/480995/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.axis.com/files/sales/improving_security_en_0710.pdf"
},
{
"trust": 0.3,
"url": "http://www.axis.com/products/camera_servers/index.htm"
},
{
"trust": 0.3,
"url": "http://www.axis.com/files/tech_notes/xss_axis2100_security_en_0711.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/480995"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28575"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28575"
},
{
"db": "BID",
"id": "25837"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-28575"
},
{
"date": "2007-09-27T00:00:00",
"db": "BID",
"id": "25837"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"date": "2007-10-04T23:17:00",
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"date": "2007-10-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28575"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "25837"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006179"
},
{
"date": "2018-10-15T21:41:16.570000",
"db": "NVD",
"id": "CVE-2007-5213"
},
{
"date": "2007-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AXIX 2100 Network Camera Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-067"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.