Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Axis Network Camera 2.40 and previous versions, and Video Server 3.12 and previous versions, allows remote malicious users to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Vulnerable Product	Search on Vulmon	Subscribe to Product
axis 2100 network camera 2.30
axis 2100 network camera 2.31
axis 2110 network camera 2.30
axis 2110 network camera 2.31
axis 2110 network camera 2.32
axis 2120 network camera 2.32
axis 2120 network camera 2.34
axis 2130 ptz network camera 2.40
axis 2100 network camera 2.12
axis 2100 network camera 2.41
axis 2110 network camera 2.12
axis 2120 network camera 2.30
axis 2120 network camera 2.31
axis 2130 ptz network camera 2.32
axis 2130 ptz network camera 2.34
axis 2400 video server 1.15
axis 2400 video server 1.2
axis 2400 video server 3.11
axis 2400 video server 3.12
axis 2401 video server 2.33
axis 2401 video server 2.34
axis 2420 network camera 2.31
axis 2420 network camera 2.32
axis 2420 network camera 2.33
axis 2460 network dvr 3.10
axis 2460 network dvr 3.11
axis 2100 network camera 2.32
axis 2100 network camera 2.33
axis 2110 network camera 2.34
axis 2110 network camera 2.40
axis 2120 network camera 2.40
axis 2120 network camera 2.41
axis 2400 video server 1.1
axis 2400 video server 1.10
axis 2400 video server 2.31
axis 2400 video server 2.32
axis 2401 video server 2.20
axis 2401 video server 2.30
axis 2411 video server 3.12
axis 2411 video server 3.13
axis 2420 network camera 2.41
axis 2420 video server 2.32
axis 250s video server
axis 250s video server 3.03
axis 230 mpeg2 video server 3.11
axis 2400 video server 2.0
axis 2400 video server 2.20
axis 2400 video server 2.30
axis 2401 video server 1.0_1
axis 2401 video server 1.15
axis 2401 video server 3.12
axis 2401 video server 3.13
axis 2420 network camera 2.34
axis 2420 network camera 2.40
axis 2490 serial server
axis 2490 serial server 2.11.3
axis 2100 network camera 2.34
axis 2100 network camera 2.40
axis 2110 network camera 2.41
axis 2120 network camera 2.12
axis 2130 ptz network camera 2.30
axis 2130 ptz network camera 2.31
axis 2400 video server 1.11
axis 2400 video server 1.12
axis 2400 video server 2.33
axis 2400 video server 2.34
axis 2401 video server 2.31
axis 2401 video server 2.32
axis 2420 network camera 2.12
axis 2420 network camera 2.30
axis 2420 video server 2.34
axis 2460 network dvr
axis 250s video server 3.10
axis storpoint cd

source: wwwsecurityfocuscom/bid/11011/info 1 A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device Other commands are also likely to work, facilitating other attacks This issue is reported to affect: - Axis 2100, 2110, 2120, 2420 network cameras ...

NVD-CWE-Other http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html http://www.securityfocus.com/bid/11011 http://www.osvdb.org/9121 http://securitytracker.com/id?1011056 http://secunia.com/advisories/12353 https://exchange.xforce.ibmcloud.com/vulnerabilities/17076 https://nvd.nist.gov https://www.exploit-db.com/exploits/24400/

CVE-2004-2425

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect