Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution

ID SSV:78132
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.

This issue is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401 and 2401 video servers\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60