CVE-2004-2425

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Affected products

• axis / 2100_network_camera2.12 – 2.12
• axis / 2100_network_camera2.30 – 2.30
• axis / 2100_network_camera2.31 – 2.31
• axis / 2100_network_camera2.32 – 2.32
• axis / 2100_network_camera2.33 – 2.33
• axis / 2100_network_camera2.34 – 2.34
• axis / 2100_network_camera2.40 – 2.40
• axis / 2100_network_camera2.41 – 2.41
• axis / 2110_network_camera2.12 – 2.12
• axis / 2110_network_camera2.30 – 2.30
• axis / 2110_network_camera2.31 – 2.31
• axis / 2110_network_camera2.32 – 2.32
• axis / 2110_network_camera2.34 – 2.34
• axis / 2110_network_camera2.40 – 2.40
• axis / 2110_network_camera2.41 – 2.41
• axis / 2120_network_camera2.12 – 2.12
• axis / 2120_network_camera2.30 – 2.30
• axis / 2120_network_camera2.31 – 2.31
• axis / 2120_network_camera2.32 – 2.32
• axis / 2120_network_camera2.34 – 2.34
• axis / 2120_network_camera2.40 – 2.40
• axis / 2120_network_camera2.41 – 2.41
• axis / 2130_ptz_network_camera2.30 – 2.30
• axis / 2130_ptz_network_camera2.31 – 2.31
• axis / 2130_ptz_network_camera2.32 – 2.32
• axis / 2130_ptz_network_camera2.34 – 2.34
• axis / 2130_ptz_network_camera2.40 – 2.40
• axis / 230_mpeg2_video_server3.11 – 3.11
• axis / 2400_video_server1.1 – 1.1
• axis / 2400_video_server1.2 – 1.2
• axis / 2400_video_server1.10 – 1.10
• axis / 2400_video_server1.11 – 1.11
• axis / 2400_video_server1.12 – 1.12
• axis / 2400_video_server1.15 – 1.15
• axis / 2400_video_server2.0 – 2.0
• axis / 2400_video_server2.20 – 2.20
• axis / 2400_video_server2.30 – 2.30
• axis / 2400_video_server2.31 – 2.31
• axis / 2400_video_server2.32 – 2.32
• axis / 2400_video_server2.33 – 2.33
• axis / 2400_video_server2.34 – 2.34
• axis / 2400_video_server3.11 – 3.11
• axis / 2400_video_server3.12 – 3.12
• axis / 2401_video_server1.0_1 – 1.0_1
• axis / 2401_video_server1.15 – 1.15
• axis / 2401_video_server2.20 – 2.20
• axis / 2401_video_server2.30 – 2.30
• axis / 2401_video_server2.31 – 2.31
• axis / 2401_video_server2.32 – 2.32
• axis / 2401_video_server2.33 – 2.33
• axis / 2401_video_server2.34 – 2.34
• axis / 2401_video_server3.12 – 3.12
• axis / 2401_video_server3.13 – 3.13
• axis / 2411_video_server3.12 – 3.12
• axis / 2411_video_server3.13 – 3.13
• axis / 2420_network_camera2.12 – 2.12
• axis / 2420_network_camera2.30 – 2.30
• axis / 2420_network_camera2.31 – 2.31
• axis / 2420_network_camera2.32 – 2.32
• axis / 2420_network_camera2.33 – 2.33
• axis / 2420_network_camera2.34 – 2.34
• axis / 2420_network_camera2.40 – 2.40
• axis / 2420_network_camera2.41 – 2.41
• axis / 2420_video_server2.32 – 2.32
• axis / 2420_video_server2.34 – 2.34
• axis / 2460_network_dvr
• axis / 2460_network_dvr3.10 – 3.10
• axis / 2460_network_dvr3.11 – 3.11
• axis / 2490_serial_server
• axis / 2490_serial_server2.11.3 – 2.11.3
• axis / 250s_video_server
• axis / 250s_video_server3.03 – 3.03
• axis / 250s_video_server3.10 – 3.10
• axis / storpoint_cd

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17076
• MISChttp://www.osvdb.org/9121
• MISChttp://www.securityfocus.com/bid/11011
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/12353
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
• MISChttp://securitytracker.com/id?1011056