CVE-2003-0240

2003-06-0904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

axis network camera

web security

admin bypass

vulnerability

cve-2003-0240

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.8%

JSON

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

CPENameOperatorVersion
axis:2100_network_cameraaxis 2100 network camerale2.32
axis:2420_network_cameraaxis 2420 network camerale2.32
axis:2400_video_serveraxis 2400 video serverle2.32
axis:2460_network_dvraxis 2460 network dvrle3.00
axis:2120_network_cameraaxis 2120 network camerale2.32
axis:2401_video_serveraxis 2401 video serverle2.32
axis:250s_video_serveraxis 250s video serverle3.02
axis:2110_network_cameraaxis 2110 network camerale2.32
axis:2130_ptz_network_cameraaxis 2130 ptz network camerale2.32

CPE	Name	Operator	Version
axis:2100_network_camera	axis 2100 network camera	le	2.32
axis:2420_network_camera	axis 2420 network camera	le	2.32
axis:2400_video_server	axis 2400 video server	le	2.32
axis:2460_network_dvr	axis 2460 network dvr	le	3.00
axis:2120_network_camera	axis 2120 network camera	le	2.32
axis:2401_video_server	axis 2401 video server	le	2.32
axis:250s_video_server	axis 250s video server	le	3.02
axis:2110_network_camera	axis 2110 network camera	le	2.32
axis:2130_ptz_network_camera	axis 2130 ptz network camera	le	2.32