Details of VAR-200710-0192

ID

VAR-200710-0192

CVE

CVE-2007-5212

TITLE

AXIX 2100 Network Camera Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-006178

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. Exploiting these issues could allow an attacker to execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. These issues affect 2100 Network Cameras with firmware version 2.43; other firmware versions and models may also be affected

Trust: 1.98

sources: NVD: CVE-2007-5212 // JVNDB: JVNDB-2007-006178 // BID: 25837 // VULHUB: VHN-28574

AFFECTED PRODUCTS

vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.02	Trust: 1.6
vendor:	axis	model:	2100 network camera	scope:	lte	version:	2.42	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	lt	version:	firmware	Trust: 0.8
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.02 2.43	Trust: 0.8
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.42	Trust: 0.6
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.43	Trust: 0.3

sources: BID: 25837 // JVNDB: JVNDB-2007-006178 // CNNVD: CNNVD-200710-071 // NVD: CVE-2007-5212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5212
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5212
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200710-071
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28574
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5212
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28574
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28574 // JVNDB: JVNDB-2007-006178 // CNNVD: CNNVD-200710-071 // NVD: CVE-2007-5212

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-28574 // JVNDB: JVNDB-2007-006178 // NVD: CVE-2007-5212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-071

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200710-071

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006178

PATCH

title:

Top Page

url:

http://www.axis.com/index.htm

Trust: 0.8

sources: JVNDB: JVNDB-2007-006178

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5212	Trust: 2.8
db:	BID	id:	25837	Trust: 2.0
db:	OSVDB	id:	38795	Trust: 1.7
db:	OSVDB	id:	38796	Trust: 1.7
db:	SREASON	id:	3188	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-006178	Trust: 0.8
db:	BUGTRAQ	id:	20070928 OWNING BIG BROTHER: HOW TO CRACK INTO AXIS IP CAMERAS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-071	Trust: 0.6
db:	VULHUB	id:	VHN-28574	Trust: 0.1

sources: VULHUB: VHN-28574 // BID: 25837 // JVNDB: JVNDB-2007-006178 // CNNVD: CNNVD-200710-071 // NVD: CVE-2007-5212

REFERENCES

url:	http://www.procheckup.com/vulnerability_axis_2100_research.pdf	Trust: 2.0
url:	http://www.securityfocus.com/bid/25837	Trust: 1.7
url:	http://osvdb.org/38795	Trust: 1.7
url:	http://osvdb.org/38796	Trust: 1.7
url:	http://securityreason.com/securityalert/3188	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/480995/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5212	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5212	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/480995/100/0/threaded	Trust: 0.6
url:	http://www.axis.com/files/sales/improving_security_en_0710.pdf	Trust: 0.3
url:	http://www.axis.com/products/camera_servers/index.htm	Trust: 0.3
url:	http://www.axis.com/files/tech_notes/xss_axis2100_security_en_0711.pdf	Trust: 0.3
url:	/archive/1/480995	Trust: 0.3

sources: VULHUB: VHN-28574 // BID: 25837 // JVNDB: JVNDB-2007-006178 // CNNVD: CNNVD-200710-071 // NVD: CVE-2007-5212

CREDITS

ProCheckUp is credited with the discovery of these vulnerabilities.

Trust: 0.3

sources: BID: 25837

SOURCES

db:	VULHUB	id:	VHN-28574
db:	BID	id:	25837
db:	JVNDB	id:	JVNDB-2007-006178
db:	CNNVD	id:	CNNVD-200710-071
db:	NVD	id:	CVE-2007-5212

LAST UPDATE DATE

2024-11-23T22:09:45.903000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28574	date:	2018-10-15T00:00:00
db:	BID	id:	25837	date:	2016-07-06T14:17:00
db:	JVNDB	id:	JVNDB-2007-006178	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200710-071	date:	2007-10-08T00:00:00
db:	NVD	id:	CVE-2007-5212	date:	2024-11-21T00:37:23.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28574	date:	2007-10-04T00:00:00
db:	BID	id:	25837	date:	2007-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2007-006178	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200710-071	date:	2007-10-04T00:00:00
db:	NVD	id:	CVE-2007-5212	date:	2007-10-04T23:17:00