Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Axis
  • 2110 Network Camera
  • 230 Mpeg2 Video Server
  • 2130 Ptz Network Camera
  • 2400 Video Server
  • 2420 Video Server
  • 2420 Network Camera
  • 2490 Serial Server
  • 250s Video Server
  • 2120 Network Camera
  • 2460 Network Dvr
  • 2411 Video Server
  • 2401 Video Server
  • Storpoint Cd
  • 2100 Network Camera

Configuration 1 [-]

OR cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*
cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html Exploit
http://securitytracker.com/id?1011056 Exploit
http://www.osvdb.org/9123
http://www.osvdb.org/9125
http://www.osvdb.org/9126
http://www.osvdb.org/9127
http://www.osvdb.org/9128
http://www.osvdb.org/9129
http://www.osvdb.org/9130 Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-18T04:00:00

Updated: 2007-01-17T10:00:00

Reserved: 2005-08-18T00:00:00

Link: CVE-2004-2427

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2004-12-31T05:00:00.000

Modified: 2008-09-05T20:44:06.610

Link: CVE-2004-2427

JSON object: View

cve-icon Redhat Information

No data.

CWE