Axis Network Camera/Video Server Default Account

2001-12-05T00:00:00
ID OSVDB:401
Type osvdb
Reporter bashis(mcw@wcd.se), Chris Gragsone(maetrics@realwarp.net)
Modified 2001-12-05T00:00:00

Description

Vulnerability Description

By default, Axis network cameras and video servers install with a default password. The "copyright" account has a password of "mammalambalouie" and the "root" account has a password of "pass" which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Upgrade to firmware version 5.33 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

By default, Axis network cameras and video servers install with a default password. The "copyright" account has a password of "mammalambalouie" and the "root" account has a password of "pass" which is publicly known and documented. This allows attackers to trivially access the program or system.

References:

Vendor Specific Solution URL: ftp://ftp.axis.com/pub_soft/cd_srv/cde_100/5_33/cde100_533.txt Security Tracker: 1011056 Secunia Advisory ID:12353 Nessus Plugin ID:10502 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html ISS X-Force ID: 7665 CVE-2001-1543 Bugtraq ID: 3640