CVE-2003-0240

Description

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Affected products

• axis / 2100_network_camera2.32
• axis / 2110_network_camera2.32
• axis / 2120_network_camera2.32
• axis / 2130_ptz_network_camera2.32
• axis / 2400_video_server2.32
• axis / 2401_video_server2.32
• axis / 2420_network_camera2.32
• axis / 2460_network_dvr3.00
• axis / 250s_video_server3.02

References

• MISChttp://securitytracker.com/id?1006854
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/12104
• MISChttp://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
• MISChttp://www.securityfocus.com/bid/7652
• MAILING_LISThttp://marc.info/?l=bugtraq&m=105406374731579&w=2
• MISChttp://www.kb.cert.org/vuls/id/799060
• MISChttp://www.osvdb.org/4804
• VENDOR_ADVISORYhttp://secunia.com/advisories/8876