CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5212

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://osvdb.org/38795
http://osvdb.org/38796
http://securityreason.com/securityalert/3188
http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
http://www.securityfocus.com/archive/1/480995/100/0/threaded
http://www.securityfocus.com/bid/25837
http://osvdb.org/38795
http://osvdb.org/38796
http://securityreason.com/securityalert/3188
http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
http://www.securityfocus.com/archive/1/480995/100/0/threaded
http://www.securityfocus.com/bid/25837

Products affected by CVE-2007-5212

Axis » 2100 Network Camera » Version: 2.02

cpe:2.3:h:axis:2100_network_camera:2.02
Axis » 2100 Network Camera Firmware » Version: Any

cpe:2.3:h:axis:2100_network_camera_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5212

Products

Pricing

Contact Us