Vulnerability Details CVE-2004-2426
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://secunia.com/advisories/12353
- http://securitytracker.com/id?1011056
- http://www.osvdb.org/9122
- http://www.securityfocus.com/bid/11011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17079
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://secunia.com/advisories/12353
- http://securitytracker.com/id?1011056
- http://www.osvdb.org/9122
- http://www.securityfocus.com/bid/11011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17079
Products affected by CVE-2004-2426
-
cpe:2.3:h:axis:2100_network_camera:2.12
-
cpe:2.3:h:axis:2100_network_camera:2.30
-
cpe:2.3:h:axis:2100_network_camera:2.31
-
cpe:2.3:h:axis:2100_network_camera:2.32
-
cpe:2.3:h:axis:2100_network_camera:2.33
-
cpe:2.3:h:axis:2100_network_camera:2.34
-
cpe:2.3:h:axis:2100_network_camera:2.40
-
cpe:2.3:h:axis:2100_network_camera:2.41
-
cpe:2.3:h:axis:2110_network_camera:2.12
-
cpe:2.3:h:axis:2110_network_camera:2.30
-
cpe:2.3:h:axis:2110_network_camera:2.31
-
cpe:2.3:h:axis:2110_network_camera:2.32
-
cpe:2.3:h:axis:2110_network_camera:2.34
-
cpe:2.3:h:axis:2110_network_camera:2.40
-
cpe:2.3:h:axis:2110_network_camera:2.41
-
cpe:2.3:h:axis:2120_network_camera:2.12
-
cpe:2.3:h:axis:2120_network_camera:2.30
-
cpe:2.3:h:axis:2120_network_camera:2.31
-
cpe:2.3:h:axis:2120_network_camera:2.32
-
cpe:2.3:h:axis:2120_network_camera:2.34
-
cpe:2.3:h:axis:2120_network_camera:2.40
-
cpe:2.3:h:axis:2120_network_camera:2.41
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.30
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.31
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.32
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.34
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.40
-
cpe:2.3:h:axis:230_mpeg2_video_server:3.11
-
cpe:2.3:h:axis:2400_video_server:1.1
-
cpe:2.3:h:axis:2400_video_server:1.10
-
cpe:2.3:h:axis:2400_video_server:1.11
-
cpe:2.3:h:axis:2400_video_server:1.12
-
cpe:2.3:h:axis:2400_video_server:1.15
-
cpe:2.3:h:axis:2400_video_server:1.2
-
cpe:2.3:h:axis:2400_video_server:2.0
-
cpe:2.3:h:axis:2400_video_server:2.20
-
cpe:2.3:h:axis:2400_video_server:2.30
-
cpe:2.3:h:axis:2400_video_server:2.31
-
cpe:2.3:h:axis:2400_video_server:2.32
-
cpe:2.3:h:axis:2400_video_server:2.33
-
cpe:2.3:h:axis:2400_video_server:2.34
-
cpe:2.3:h:axis:2400_video_server:3.11
-
cpe:2.3:h:axis:2400_video_server:3.12
-
cpe:2.3:h:axis:2401_video_server:1.0_1
-
cpe:2.3:h:axis:2401_video_server:1.15
-
cpe:2.3:h:axis:2401_video_server:2.20
-
cpe:2.3:h:axis:2401_video_server:2.30
-
cpe:2.3:h:axis:2401_video_server:2.31
-
cpe:2.3:h:axis:2401_video_server:2.32
-
cpe:2.3:h:axis:2401_video_server:2.33
-
cpe:2.3:h:axis:2401_video_server:2.34
-
cpe:2.3:h:axis:2401_video_server:3.12
-
cpe:2.3:h:axis:2401_video_server:3.13
-
cpe:2.3:h:axis:2411_video_server:3.12
-
cpe:2.3:h:axis:2411_video_server:3.13
-
cpe:2.3:h:axis:2420_network_camera:2.12
-
cpe:2.3:h:axis:2420_network_camera:2.30
-
cpe:2.3:h:axis:2420_network_camera:2.31
-
cpe:2.3:h:axis:2420_network_camera:2.32
-
cpe:2.3:h:axis:2420_network_camera:2.33
-
cpe:2.3:h:axis:2420_network_camera:2.34
-
cpe:2.3:h:axis:2420_network_camera:2.40
-
cpe:2.3:h:axis:2420_network_camera:2.41
-
cpe:2.3:h:axis:2420_video_server:2.32
-
cpe:2.3:h:axis:2420_video_server:2.34
-
cpe:2.3:h:axis:2460_network_dvr:-
-
cpe:2.3:h:axis:2460_network_dvr:3.00
-
cpe:2.3:h:axis:2460_network_dvr:3.10
-
cpe:2.3:h:axis:2460_network_dvr:3.11
-
cpe:2.3:h:axis:2460_network_dvr:3.12
-
cpe:2.3:h:axis:2490_serial_server:-
-
cpe:2.3:h:axis:2490_serial_server:2.11.3
-
cpe:2.3:h:axis:250s_video_server:-
-
cpe:2.3:h:axis:250s_video_server:3.02
-
cpe:2.3:h:axis:250s_video_server:3.03
-
cpe:2.3:h:axis:250s_video_server:3.10
-
cpe:2.3:h:axis:storpoint_cd:-