ID

VAR-200709-0161


CVE

CVE-2007-4927


TITLE

AXIS camera axis-cgi/buffer/command.cgi denial-of-service (DoS) vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002640

DESCRIPTION

axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.

Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.

----------------------------------------------------------------------
TITLE:
AXIS 207W Network Camera Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26831

VERIFY ADVISORY:
http://secunia.com/advisories/26831/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

OPERATING SYSTEM:
Axis Network Camera
http://secunia.com/product/908/

DESCRIPTION:
Seth Fogie has reported some vulnerabilities in the AXIS 207W Network Camera, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, or by malicious users to cause a DoS (Denial of Service).

1) Input passed to the "camNo" parameter in incl/image_incl.shtml is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. reboot the camera, add a new administrator, or to install a backdoor by enticing a logged-in administrator to visit a malicious site.

3) An unspecified vulnerability exists within the axis-cgi/buffer/command.cgi script. This can be exploited to reboot the vulnerable system by issuing multiple HTTP requests (more than 129) for the affected script with the "do" parameter set to "start" and with an arbitrary value for the "buffername" parameter. Successful exploitation of this vulnerability requires valid user credentials.

SOLUTION:
Filter traffic to affected devices and do not visit untrusted web sites while being logged in to the device.

PROVIDED AND/OR DISCOVERED BY:
Seth Fogie, Airscanner Mobile Security

ORIGINAL ADVISORY:
http://airscanner.com/security/07080701_axis.htm

OTHER REFERENCES:
http://www.informit.com/articles/article.aspx?p=1016102
----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4927 // JVNDB: JVNDB-2007-002640 // BID: 25678 // VULHUB: VHN-28289 // PACKETSTORM: 59326

IOT TAXONOMY

category: camera device
sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: axis
model: 207w network camera
scope: -
version: -

Trust: 1.4

vendor: axis
model: 207w network camera
scope: eq
version: *

Trust: 1.0

vendor: axis
model: communications 207w network camera
scope: eq
version: 0

Trust: 0.3

sources: BID: 25678 // JVNDB: JVNDB-2007-002640 // CNNVD: CNNVD-200709-236 // NVD: CVE-2007-4927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4927
value: LOW

Trust: 1.0

NVD: CVE-2007-4927
value: LOW

Trust: 0.8

CNNVD: CNNVD-200709-236
value: LOW

Trust: 0.6

VULHUB: VHN-28289
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2007-4927
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28289
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28289 // JVNDB: JVNDB-2007-002640 // CNNVD: CNNVD-200709-236 // NVD: CVE-2007-4927

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-28289 // JVNDB: JVNDB-2007-002640 // NVD: CVE-2007-4927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-236

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200709-236

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002640

PATCH

title: Top Page
url: http://www.axis.com/techsup/software/acc/index.htm

Trust: 0.8

sources: JVNDB: JVNDB-2007-002640

EXTERNAL IDS

db: NVD, id: CVE-2007-4927

Trust: 2.9

db: BID, id: 25678

Trust: 2.0

db: SECUNIA, id: 26831

Trust: 1.8

db: SECTRACK, id: 1018699

Trust: 1.7

db: SREASON, id: 3145

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002640

Trust: 0.8

db: BUGTRAQ, id: 20070915 AXIS 207W WIRELESS CAMERA WEB INTERFACE - MULTIPLE VULNERABILITIES

Trust: 0.6

db: CNNVD, id: CNNVD-200709-236

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-28289

Trust: 0.1

db: PACKETSTORM, id: 59326

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28289 // BID: 25678 // JVNDB: JVNDB-2007-002640 // PACKETSTORM: 59326 // CNNVD: CNNVD-200709-236 // NVD: CVE-2007-4927

REFERENCES

url:http://airscanner.com/security/07080701_axis.htm

Trust: 1.8

url:http://www.informit.com/articles/article.aspx?p=1016102

Trust: 1.8

url:http://www.securityfocus.com/bid/25678

Trust: 1.7

url:http://www.securitytracker.com/id?1018699

Trust: 1.7

url:http://secunia.com/advisories/26831

Trust: 1.7

url:http://securityreason.com/securityalert/3145

Trust: 1.7

url:http://www.securityfocus.com/archive/1/479600/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4927

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4927

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/479600/100/0/threaded

Trust: 0.6

url:http://www.axis.com/products/cam_207/index.htm

Trust: 0.3

url:http://www.informit.com/articles/article.aspx?p=1016102&seqnum=1

Trust: 0.3

url:/archive/1/479600

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/908/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/26831/

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28289 // BID: 25678 // JVNDB: JVNDB-2007-002640 // PACKETSTORM: 59326 // CNNVD: CNNVD-200709-236 // NVD: CVE-2007-4927

CREDITS

Seth Fogie, contact@airscanner.com

Trust: 0.6

sources: CNNVD: CNNVD-200709-236

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-28289
db: BID, id: 25678
db: JVNDB, id: JVNDB-2007-002640
db: PACKETSTORM, id: 59326
db: CNNVD, id: CNNVD-200709-236
db: NVD, id: CVE-2007-4927

LAST UPDATE DATE

2025-04-10T21:38:24.707000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-28289, date: 2018-10-15T00:00:00
db: BID, id: 25678, date: 2016-07-06T14:17:00
db: JVNDB, id: JVNDB-2007-002640, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200709-236, date: 2007-10-08T00:00:00
db: NVD, id: CVE-2007-4927, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-28289, date: 2007-09-18T00:00:00
db: BID, id: 25678, date: 2007-09-14T00:00:00
db: JVNDB, id: JVNDB-2007-002640, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 59326, date: 2007-09-18T14:57:18
db: CNNVD, id: CNNVD-200709-236, date: 2007-09-18T00:00:00
db: NVD, id: CVE-2007-4927, date: 2007-09-18T18:17:00