7.5
CVSSv2

CVE-2004-2425

Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Axis Network Camera 2.40 and previous versions, and Video Server 3.12 and previous versions, allows remote malicious users to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

axis 2100 network camera 2.30

axis 2100 network camera 2.31

axis 2110 network camera 2.30

axis 2110 network camera 2.31

axis 2110 network camera 2.32

axis 2120 network camera 2.32

axis 2120 network camera 2.34

axis 2130 ptz network camera 2.40

axis 2100 network camera 2.12

axis 2100 network camera 2.41

axis 2110 network camera 2.12

axis 2120 network camera 2.30

axis 2120 network camera 2.31

axis 2130 ptz network camera 2.32

axis 2130 ptz network camera 2.34

axis 2400 video server 1.15

axis 2400 video server 1.2

axis 2400 video server 3.11

axis 2400 video server 3.12

axis 2401 video server 2.33

axis 2401 video server 2.34

axis 2420 network camera 2.31

axis 2420 network camera 2.32

axis 2420 network camera 2.33

axis 2460 network dvr 3.10

axis 2460 network dvr 3.11

axis 2100 network camera 2.32

axis 2100 network camera 2.33

axis 2110 network camera 2.34

axis 2110 network camera 2.40

axis 2120 network camera 2.40

axis 2120 network camera 2.41

axis 2400 video server 1.1

axis 2400 video server 1.10

axis 2400 video server 2.31

axis 2400 video server 2.32

axis 2401 video server 2.20

axis 2401 video server 2.30

axis 2411 video server 3.12

axis 2411 video server 3.13

axis 2420 network camera 2.41

axis 2420 video server 2.32

axis 250s video server

axis 250s video server 3.03

axis 230 mpeg2 video server 3.11

axis 2400 video server 2.0

axis 2400 video server 2.20

axis 2400 video server 2.30

axis 2401 video server 1.0_1

axis 2401 video server 1.15

axis 2401 video server 3.12

axis 2401 video server 3.13

axis 2420 network camera 2.34

axis 2420 network camera 2.40

axis 2490 serial server

axis 2490 serial server 2.11.3

axis 2100 network camera 2.34

axis 2100 network camera 2.40

axis 2110 network camera 2.41

axis 2120 network camera 2.12

axis 2130 ptz network camera 2.30

axis 2130 ptz network camera 2.31

axis 2400 video server 1.11

axis 2400 video server 1.12

axis 2400 video server 2.33

axis 2400 video server 2.34

axis 2401 video server 2.31

axis 2401 video server 2.32

axis 2420 network camera 2.12

axis 2420 network camera 2.30

axis 2420 video server 2.34

axis 2460 network dvr

axis 250s video server 3.10

axis storpoint cd

Exploits

source: wwwsecurityfocuscom/bid/11011/info 1 A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device Other commands are also likely to work, facilitating other attacks This issue is reported to affect: - Axis 2100, 2110, 2120, 2420 network cameras ...