Vulnerability CVE-2007-4926


Published: 2007-09-18   Modified: 2012-02-12

Description:
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities
Seth Fogie
19.09.2007

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
AXIS -> 207w camera 

 References:
http://airscanner.com/security/07080701_axis.htm
http://securityreason.com/securityalert/3145
http://www.informit.com/articles/article.aspx?p=1016102
http://www.securityfocus.com/archive/1/479600/100/0/threaded
http://www.securitytracker.com/id?1018699

Copyright 2024, cxsecurity.com

 

Back to Top