Vulnerability Details CVE-2007-5213
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 71.9%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/39490
- http://osvdb.org/39491
- http://securityreason.com/securityalert/3188
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- http://www.securityfocus.com/bid/25837
- http://osvdb.org/39490
- http://osvdb.org/39491
- http://securityreason.com/securityalert/3188
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- http://www.securityfocus.com/bid/25837
Products affected by CVE-2007-5213
-
cpe:2.3:h:axis:2100_network_camera:2.02
-
cpe:2.3:h:axis:2100_network_camera_firmware:*