CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
82.6%
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a … (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Vendor | Product | Version | CPE |
---|---|---|---|
axis | 2100_network_camera | 2.12 | cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.30 | cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.31 | cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.32 | cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.33 | cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.34 | cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.40 | cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:* |
axis | 2100_network_camera | 2.41 | cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:* |
axis | 2110_network_camera | 2.12 | cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:* |
axis | 2110_network_camera | 2.30 | cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:* |