Vulnerability CVE-2007-5213


Published: 2007-10-04   Modified: 2012-02-12

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Owning Big Brother: How to Crack into Axis IP cameras
Procheckup
05.10.2007

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: AXIS
Product: 2100 network camera firmware 
Version: 2.42;
Product: 2100 network camera 
Version: 2.02;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://securityreason.com/securityalert/3188
http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
http://www.securityfocus.com/archive/1/480995/100/0/threaded
http://www.securityfocus.com/bid/25837

Related CVE
CVE-2018-10664
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
CVE-2018-10663
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVE-2018-10661
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVE-2018-10660
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVE-2018-10659
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM ins...
CVE-2018-10658
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
CVE-2018-9158
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood ...

Copyright 2019, cxsecurity.com

 

Back to Top