CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
45.4%
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the ‘UserPermission’ endpoint with the ID of created account and set it to ‘admin’ userType, successfully adding a second administrative account.
Vendor | Product | Version | CPE |
---|---|---|---|
i3international | ax46_firmware | 5.2.0 | cpe:2.3:o:i3international:ax46_firmware:5.2.0:*:*:*:*:*:*:* |
i3international | ax46 | - | cpe:2.3:h:i3international:ax46:-:*:*:*:*:*:*:* |
i3international | ax68_firmware | 5.0.9 | cpe:2.3:o:i3international:ax68_firmware:5.0.9:*:*:*:*:*:*:* |
i3international | ax68 | - | cpe:2.3:h:i3international:ax68:-:*:*:*:*:*:*:* |
i3international | ax78_firmware | 5.0.9 | cpe:2.3:o:i3international:ax78_firmware:5.0.9:*:*:*:*:*:*:* |
i3international | ax78 | - | cpe:2.3:h:i3international:ax78:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
45.4%