Details of VAR-200412-0392

ID

VAR-200412-0392

CVE

CVE-2004-2426

TITLE

Axis Network Camera And Video Server Multiple Vulnerabilities

Trust: 0.9

sources: BID: 11011 // CNNVD: CNNVD-200412-745

DESCRIPTION

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks. This issue is reported to affect: - Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40 - Axis 2130 network cameras - Axis 2401 and 2401 video servers 2. A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous users remote adminitration of the devices. This issue is reported to affect: - Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.12 thru 2.40 - Axis 2130 network cameras - Axis 2401,and 2401 video servers 3. A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server with firmware version 5.30 Other products and versions of firmware are likely affected by one or more of these vulnerabilities

Trust: 1.26

sources: NVD: CVE-2004-2426 // BID: 11011 // VULHUB: VHN-10854

AFFECTED PRODUCTS

vendor:	axis	model:	2400 video server	scope:	eq	version:	2.32	Trust: 1.6
vendor:	axis	model:	2401 video server	scope:	eq	version:	1.0_1	Trust: 1.6
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.30	Trust: 1.6
vendor:	axis	model:	2400 video server	scope:	eq	version:	3.12	Trust: 1.6
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.20	Trust: 1.6
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.31	Trust: 1.6
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.34	Trust: 1.6
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.33	Trust: 1.6
vendor:	axis	model:	2401 video server	scope:	eq	version:	1.15	Trust: 1.6
vendor:	axis	model:	2400 video server	scope:	eq	version:	3.11	Trust: 1.6
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.12	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.0	Trust: 1.0
vendor:	axis	model:	2460 network dvr	scope:	eq	version:	3.11	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.2	Trust: 1.0
vendor:	axis	model:	2411 video server	scope:	eq	version:	3.12	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2490 serial server	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.10	Trust: 1.0
vendor:	axis	model:	2420 video server	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	250s video server	scope:	eq	version:	3.10	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	250s video server	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	230 mpeg2 video server	scope:	eq	version:	3.11	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2460 network dvr	scope:	eq	version:	3.10	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	3.13	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2460 network dvr	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	storpoint cd	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2420 video server	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2490 serial server	scope:	eq	version:	2.11.3	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	250s video server	scope:	eq	version:	3.03	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.1	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.20	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	3.12	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.11	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.15	Trust: 1.0
vendor:	axis	model:	2411 video server	scope:	eq	version:	3.13	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	2401+3.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.40	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.40	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.31	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.34	Trust: 0.3
vendor:	axis	model:	communications 250s mpeg-2 video server	scope:	ne	version:	3.20	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.02	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.15	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	24012.34.1	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.30	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24202.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.30	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24113.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.33	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2400+3.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	24202.42	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.41	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.20	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2401+3.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.20	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.34	Trust: 0.3
vendor:	axis	model:	communications network dvr	scope:	eq	version:	2460	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	24113.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21302.42	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.34	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.30	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.41	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	2400+3.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.33	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.0	Trust: 0.3
vendor:	axis	model:	communications 250s mpeg-2 video server	scope:	eq	version:	3.10	Trust: 0.3
vendor:	axis	model:	communications serial server	scope:	eq	version:	2490	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.32	Trust: 0.3
vendor:	axis	model:	communications mpeg-2 video server	scope:	ne	version:	2303.20	Trust: 0.3
vendor:	axis	model:	communications 250s video server	scope:	eq	version:	3.03	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	ne	version:	2401+3.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21202.42	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21002.42	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24011.01	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2400+3.11	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	24002.34.1	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.33	Trust: 0.3
vendor:	axis	model:	communications network dvr	scope:	eq	version:	24603.10	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.12	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24113.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.40	Trust: 0.3
vendor:	axis	model:	communications network dvr	scope:	eq	version:	24603.11	Trust: 0.3
vendor:	axis	model:	communications mpeg-2 video server 250s	scope:	-	version:	-	Trust: 0.3
vendor:	axis	model:	communications storpoint cd	scope:	-	version:	-	Trust: 0.3
vendor:	axis	model:	communications serial server	scope:	eq	version:	24902.11.3	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.34	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.10	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	eq	version:	2400+3.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.41	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21102.42	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.40	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2401+3.12	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.11	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24011.15	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.33	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	ne	version:	2400+3.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24202.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.31	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.30	Trust: 0.3
vendor:	axis	model:	communications digital video recorder	scope:	ne	version:	24603.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.01	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.30	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.30	Trust: 0.3
vendor:	axis	model:	communications mpeg-2 video server	scope:	eq	version:	2303.11	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.41	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.40	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.31	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.30	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	eq	version:	2401+3.12	Trust: 0.3

sources: BID: 11011 // CNNVD: CNNVD-200412-745 // NVD: CVE-2004-2426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2426
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-745
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10854
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2426
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10854
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10854 // CNNVD: CNNVD-200412-745 // NVD: CVE-2004-2426

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-745

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200412-745

EXTERNAL IDS

db:	BID	id:	11011	Trust: 2.0
db:	SECTRACK	id:	1011056	Trust: 1.7
db:	SECUNIA	id:	12353	Trust: 1.7
db:	OSVDB	id:	9122	Trust: 1.7
db:	NVD	id:	CVE-2004-2426	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-745	Trust: 0.7
db:	FULLDISC	id:	20040831 AXIS NETWORK CAMERA AND VIDEO SERVER SECURITY ADVISORY	Trust: 0.6
db:	FULLDISC	id:	20040822 [POC] NASTY BUG(S) FOUND IN AXIS NETWORK CAMERA/VIDEO SERVERS	Trust: 0.6
db:	XF	id:	17079	Trust: 0.6
db:	VULHUB	id:	VHN-10854	Trust: 0.1

sources: VULHUB: VHN-10854 // BID: 11011 // CNNVD: CNNVD-200412-745 // NVD: CVE-2004-2426

REFERENCES

url:	http://www.securityfocus.com/bid/11011	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html	Trust: 1.7
url:	http://www.osvdb.org/9122	Trust: 1.7
url:	http://securitytracker.com/id?1011056	Trust: 1.7
url:	http://secunia.com/advisories/12353	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17079	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17079	Trust: 0.6
url:	http://www.axis.com/products/camera_servers/index.htm	Trust: 0.3
url:	/archive/1/372643	Trust: 0.3
url:	/archive/1/372630	Trust: 0.3

sources: VULHUB: VHN-10854 // BID: 11011 // CNNVD: CNNVD-200412-745 // NVD: CVE-2004-2426

CREDITS

bashis

Trust: 0.6

sources: CNNVD: CNNVD-200412-745

SOURCES

db:	VULHUB	id:	VHN-10854
db:	BID	id:	11011
db:	CNNVD	id:	CNNVD-200412-745
db:	NVD	id:	CVE-2004-2426

LAST UPDATE DATE

2024-08-14T14:00:43.965000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10854	date:	2017-07-11T00:00:00
db:	BID	id:	11011	date:	2007-02-06T20:08:00
db:	CNNVD	id:	CNNVD-200412-745	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-2426	date:	2017-07-11T01:31:53.170

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10854	date:	2004-12-31T00:00:00
db:	BID	id:	11011	date:	2004-08-23T00:00:00
db:	CNNVD	id:	CNNVD-200412-745	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2426	date:	2004-12-31T05:00:00