Lucene search

[email protected]CVE-2007-5213

HistoryOct 04, 2007 - 11:17 p.m.

CVE-2007-5213

2007-10-0423:17:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2007-5213

axis 2100

network camera

csrf

remote attackers

firmware 2.43

nvd

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

CPENameOperatorVersion
axis:2100_network_camera_firmwareaxis 2100 network camera firmwarele2.42
axis:2100_network_cameraaxis 2100 network cameraeq2.02

CPE	Name	Operator	Version
axis:2100_network_camera_firmware	axis 2100 network camera firmware	le	2.42
axis:2100_network_camera	axis 2100 network camera	eq	2.02

References

osvdb.org/39490

osvdb.org/39491

securityreason.com/securityalert/3188

www.procheckup.com/Vulnerability_Axis_2100_research.pdf

www.securityfocus.com/archive/1/480995/100/0/threaded

www.securityfocus.com/bid/25837

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2007-5213

prion1