Details of VAR-200412-0391

ID

VAR-200412-0391

CVE

CVE-2004-2425

TITLE

Axis Network Camera And Video Server Multiple Vulnerabilities

Trust: 0.9

sources: BID: 11011 // CNNVD: CNNVD-200412-1131

DESCRIPTION

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. Multiple vulnerabilities are reported to reside in multiple Axis network video and camera servers: 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks. This issue is reported to affect: - Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40 - Axis 2130 network cameras - Axis 2401 and 2401 video servers 2. A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous users remote adminitration of the devices. This issue is reported to affect: - Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.12 thru 2.40 - Axis 2130 network cameras - Axis 2401,and 2401 video servers 3. A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server with firmware version 5.30 Other products and versions of firmware are likely affected by one or more of these vulnerabilities

Trust: 1.26

sources: NVD: CVE-2004-2425 // BID: 11011 // VULHUB: VHN-10853

AFFECTED PRODUCTS

vendor:	axis	model:	2490 serial server	scope:	eq	version:	2.11.3	Trust: 1.6
vendor:	axis	model:	2460 network dvr	scope:	eq	version:	3.11	Trust: 1.6
vendor:	axis	model:	250s video server	scope:	eq	version:	3.03	Trust: 1.6
vendor:	axis	model:	2460 network dvr	scope:	eq	version:	3.10	Trust: 1.6
vendor:	axis	model:	2420 video server	scope:	eq	version:	2.34	Trust: 1.6
vendor:	axis	model:	250s video server	scope:	eq	version:	3.10	Trust: 1.6
vendor:	axis	model:	2460 network dvr	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.15	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.12	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.1	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2411 video server	scope:	eq	version:	3.13	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	250s video server	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2420 video server	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2411 video server	scope:	eq	version:	3.12	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	1.0_1	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.20	Trust: 1.0
vendor:	axis	model:	storpoint cd	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	3.12	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.2	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	1.15	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.11	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	3.13	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.12	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	3.12	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2490 serial server	scope:	eq	version:	*	Trust: 1.0
vendor:	axis	model:	2401 video server	scope:	eq	version:	2.34	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.20	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	1.10	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	3.11	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.0	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2400 video server	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2130 ptz network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	230 mpeg2 video server	scope:	eq	version:	3.11	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.41	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	2420 network camera	scope:	eq	version:	2.33	Trust: 1.0
vendor:	axis	model:	2100 network camera	scope:	eq	version:	2.40	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.30	Trust: 1.0
vendor:	axis	model:	2120 network camera	scope:	eq	version:	2.32	Trust: 1.0
vendor:	axis	model:	2110 network camera	scope:	eq	version:	2.31	Trust: 1.0
vendor:	axis	model:	250s video server	scope:	-	version:	-	Trust: 0.6
vendor:	axis	model:	2490 serial server	scope:	-	version:	-	Trust: 0.6
vendor:	axis	model:	2460 network dvr	scope:	-	version:	-	Trust: 0.6
vendor:	axis	model:	storpoint cd	scope:	-	version:	-	Trust: 0.6
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	2401+3.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.40	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.40	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.31	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.34	Trust: 0.3
vendor:	axis	model:	communications 250s mpeg-2 video server	scope:	ne	version:	3.20	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.02	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.15	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	24012.34.1	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.30	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24202.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.30	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24113.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.32	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.33	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2400+3.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	24202.42	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.32	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.41	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.20	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2401+3.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.20	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.34	Trust: 0.3
vendor:	axis	model:	communications network dvr	scope:	eq	version:	2460	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	24113.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21302.42	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.34	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.30	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.41	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	2400+3.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.33	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.31	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24002.0	Trust: 0.3
vendor:	axis	model:	communications 250s mpeg-2 video server	scope:	eq	version:	3.10	Trust: 0.3
vendor:	axis	model:	communications serial server	scope:	eq	version:	2490	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.32	Trust: 0.3
vendor:	axis	model:	communications mpeg-2 video server	scope:	ne	version:	2303.20	Trust: 0.3
vendor:	axis	model:	communications 250s video server	scope:	eq	version:	3.03	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	ne	version:	2401+3.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21202.42	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21002.42	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24011.01	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2400+3.11	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	ne	version:	24002.34.1	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.33	Trust: 0.3
vendor:	axis	model:	communications network dvr	scope:	eq	version:	24603.10	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.12	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24113.13	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.40	Trust: 0.3
vendor:	axis	model:	communications network dvr	scope:	eq	version:	24603.11	Trust: 0.3
vendor:	axis	model:	communications mpeg-2 video server 250s	scope:	-	version:	-	Trust: 0.3
vendor:	axis	model:	communications storpoint cd	scope:	-	version:	-	Trust: 0.3
vendor:	axis	model:	communications serial server	scope:	eq	version:	24902.11.3	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.34	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.10	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	eq	version:	2400+3.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.41	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	ne	version:	21102.42	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.40	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	2401+3.12	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.11	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24011.15	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21002.33	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	ne	version:	2400+3.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24202.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.31	Trust: 0.3
vendor:	axis	model:	communications ptz network camera	scope:	eq	version:	21302.30	Trust: 0.3
vendor:	axis	model:	communications digital video recorder	scope:	ne	version:	24603.13	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24001.01	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.12	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.34	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.30	Trust: 0.3
vendor:	axis	model:	communications video server	scope:	eq	version:	24012.30	Trust: 0.3
vendor:	axis	model:	communications mpeg-2 video server	scope:	eq	version:	2303.11	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21202.41	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.40	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	21102.31	Trust: 0.3
vendor:	axis	model:	communications network camera	scope:	eq	version:	24202.30	Trust: 0.3
vendor:	axis	model:	communications blade video server	scope:	eq	version:	2401+3.12	Trust: 0.3

sources: BID: 11011 // NVD: CVE-2004-2425 // CNNVD: CNNVD-200412-1131

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2004-2425
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-1131
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10853
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	TRUE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10853
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10853 // NVD: CVE-2004-2425 // CNNVD: CNNVD-200412-1131

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1131

TYPE

Design Error

Trust: 0.9

sources: BID: 11011 // CNNVD: CNNVD-200412-1131

CONFIGURATIONS

sources: NVD: CVE-2004-2425

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10853

EXTERNAL IDS

db:	BID	id:	11011	Trust: 2.0
db:	SECTRACK	id:	1011056	Trust: 1.7
db:	SECUNIA	id:	12353	Trust: 1.7
db:	OSVDB	id:	9121	Trust: 1.7
db:	NVD	id:	CVE-2004-2425	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-1131	Trust: 0.7
db:	FULLDISC	id:	20040831 AXIS NETWORK CAMERA AND VIDEO SERVER SECURITY ADVISORY	Trust: 0.6
db:	FULLDISC	id:	20040822 [POC] NASTY BUG(S) FOUND IN AXIS NETWORK CAMERA/VIDEO SERVERS	Trust: 0.6
db:	XF	id:	17076	Trust: 0.6
db:	EXPLOIT-DB	id:	24400	Trust: 0.1
db:	SEEBUG	id:	SSVID-78132	Trust: 0.1
db:	VULHUB	id:	VHN-10853	Trust: 0.1

sources: VULHUB: VHN-10853 // BID: 11011 // NVD: CVE-2004-2425 // CNNVD: CNNVD-200412-1131

REFERENCES

url:	http://www.securityfocus.com/bid/11011	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html	Trust: 1.7
url:	http://www.osvdb.org/9121	Trust: 1.7
url:	http://securitytracker.com/id?1011056	Trust: 1.7
url:	http://secunia.com/advisories/12353	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17076	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17076	Trust: 0.6
url:	http://www.axis.com/products/camera_servers/index.htm	Trust: 0.3
url:	/archive/1/372643	Trust: 0.3
url:	/archive/1/372630	Trust: 0.3

sources: VULHUB: VHN-10853 // BID: 11011 // NVD: CVE-2004-2425 // CNNVD: CNNVD-200412-1131

CREDITS

bashis

Trust: 0.6

sources: CNNVD: CNNVD-200412-1131

SOURCES

db:	VULHUB	id:	VHN-10853
db:	BID	id:	11011
db:	NVD	id:	CVE-2004-2425
db:	CNNVD	id:	CNNVD-200412-1131

LAST UPDATE DATE

2023-12-18T12:47:25.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10853	date:	2017-07-11T00:00:00
db:	BID	id:	11011	date:	2007-02-06T20:08:00
db:	NVD	id:	CVE-2004-2425	date:	2017-07-11T01:31:53.107
db:	CNNVD	id:	CNNVD-200412-1131	date:	2005-10-20T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10853	date:	2004-12-31T00:00:00
db:	BID	id:	11011	date:	2004-08-23T00:00:00
db:	NVD	id:	CVE-2004-2425	date:	2004-12-31T05:00:00
db:	CNNVD	id:	CNNVD-200412-1131	date:	2004-12-31T00:00:00