RSS   Vulnerabilities for '207w network camera'   RSS

2007-09-18
 
CVE-2007-4930

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.

 
 
CVE-2007-4929

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.

 
 
CVE-2007-4928

CWE-310
 

 
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.

 
 
CVE-2007-4927

CWE-20
 

 
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.

 

 >>> Vendor: AXIS 32 Products
700 network document server
Storpoint cd
2100 network camera
2110 network camera
2120 network camera
Neteye 200
Neteye 200+
2130 ptz network camera
2400 video server
2401 video server
2420 network camera
2460 network dvr
250s video server
230 mpeg2 video server
2411 video server
2420 video server
2490 serial server
2420-ir network camera
Panorama ptz camera
207w camera
207w network camera
Axis camera control
2100 network camera firmware
M1054 network camera
M10 series network cameras firmware
Media control activex control
Axis communications firmware
Network camera firmware
P1354 firmware
M1033-w firmware
P1325-z firmware
Q1910-e firmware


Copyright 2019, cxsecurity.com

 

Back to Top