Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and previous versions allow remote malicious users to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
axis 2100 network camera firmware |
||
axis 2100 network camera 2.02 |