ID

VAR-200709-0163


CVE

CVE-2007-4929


TITLE

AXIS Cross-site scripting vulnerability in cameras

Trust: 0.8

sources: JVNDB: JVNDB-2007-002642

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.

The AXIS 207W Network Camera is prone to a cross-site scripting vulnerability.

The AXIS 207W is a network camera that provides wireless IEEE 802.11g and Ethernet interfaces.

----------------------------------------------------------------------

TITLE:
AXIS 207W Network Camera Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26831

VERIFY ADVISORY:
http://secunia.com/advisories/26831/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

OPERATING SYSTEM:
Axis Network Camera
http://secunia.com/product/908/

DESCRIPTION:
Seth Fogie has reported some vulnerabilities in the AXIS 207W Network Camera, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, or by malicious users to cause a DoS (Denial of Service).

1) Input passed to the "camNo" parameter in incl/image_incl.shtml is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. reboot the camera, add a new administrator, or install a backdoor by enticing a logged-in administrator to visit a malicious site.

3) An unspecified vulnerability exists within the axis-cgi/buffer/command.cgi script. This can be exploited to reboot the vulnerable system by issuing multiple HTTP requests (more than 129) for the affected script with the "do" parameter set to "start" and with an arbitrary value for the "buffername" parameter.

Successful exploitation of this vulnerability requires valid user credentials.

SOLUTION:
Filter traffic to affected devices and do not visit untrusted web sites while being logged in to the device.

PROVIDED AND/OR DISCOVERED BY:
Seth Fogie, Airscanner Mobile Security

ORIGINAL ADVISORY:
http://airscanner.com/security/07080701_axis.htm

OTHER REFERENCES:
http://www.informit.com/articles/article.aspx?p=1016102

----------------------------------------------------------------------
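The camNo issue is a classic reflected XSS: a value that should only ever be a camera index is echoed into the page unencoded. The following is an added example, not code from the advisory, from Axis or from the camera firmware. It puts a constructed stand-in for the vulnerable page template next to a hardened version (allowlist validation of camNo plus HTML encoding on output), and a small reflection oracle of the kind used to confirm such a finding without running any script in a browser. The template markup, the image path and the one-or-two-digit camNo format are assumptions.

```python
import html
import re

# Stand-in for the page template behind incl/image_incl.shtml. Constructed for
# this example; the real SSI markup and the image URL are assumptions, not the
# device's actual code.
TEMPLATE = '<img src="/video/cam{cam}.jpg" alt="camera {cam}">'

# Reflection marker: a value no legitimate camNo would carry, containing the
# characters that must not survive unencoded inside an HTML attribute.
MARKER = '"><xssprobe-7f3a>'


def render_vulnerable(cam_no: str) -> str:
    """Echo camNo straight into the markup, as the advisory describes."""
    return TEMPLATE.format(cam=cam_no)


class BadRequest(ValueError):
    """Raised by the hardened renderer for any camNo outside the allowlist."""


# camNo selects a camera index; a 1- or 2-digit integer is assumed here.
CAM_NO = re.compile(r"[0-9]{1,2}")


def render_hardened(cam_no: str) -> str:
    """Allowlist-validate camNo first, then HTML-encode it on output anyway
    (defence in depth: the encoding is what protects the attribute context
    if the allowlist is ever loosened)."""
    if not CAM_NO.fullmatch(cam_no):
        raise BadRequest("camNo must be a 1- or 2-digit integer")
    return TEMPLATE.format(cam=html.escape(cam_no, quote=True))


def reflects_unescaped(fetch, marker: str = MARKER) -> bool:
    """Reflection oracle. fetch(camNo) returns the response body for that
    camNo value; the page is judged vulnerable if the marker comes back
    byte-for-byte, i.e. with < > and the quote unencoded. A rejected request
    (BadRequest) counts as not reflected. Against a live device, fetch would
    wrap an HTTP GET of /incl/image_incl.shtml?camNo=<marker>; here it is
    fed the two renderers above so the check runs offline."""
    try:
        body = fetch(marker)
    except BadRequest:
        return False
    return marker in body
```

The oracle deliberately looks for the exact marker rather than for `<script>`: a benign, unique token is enough to prove the absence of output encoding, and it does not trip intrusion detection or execute anything if the page is vulnerable.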

Trust: 2.07

sources: NVD: CVE-2007-4929 // JVNDB: JVNDB-2007-002642 // BID: 81560 // VULHUB: VHN-28291 // PACKETSTORM: 59326
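Two of the three items in the Secunia advisory above leave a usable trace in the camera's web server log: a camNo value that is not a plain integer (item 1), and a burst of more than 129 requests to axis-cgi/buffer/command.cgi with do=start from one client (item 3). The script below is an added example, not part of the advisory or of any Axis tooling, that triages such a log offline. It assumes the log is in Common Log Format, which is an assumption about the device; the sample lines are constructed, and the 129-request threshold is taken from the advisory.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Common Log Format: client ident user [time] "METHOD target HTTP/x" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

# Constructed sample traffic, not captured from a real camera. One normal
# request, one camNo injection probe, one legitimate buffer start, and a
# 130-request start flood from a single client.
SAMPLE_LOG = "\n".join(
    [
        '10.0.0.5 - - [18/Sep/2007:10:00:01 +0000] "GET /incl/image_incl.shtml?camNo=1 HTTP/1.1" 200 512',
        '10.0.0.9 - - [18/Sep/2007:10:00:02 +0000] "GET /incl/image_incl.shtml?camNo=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
        '10.0.0.5 - - [18/Sep/2007:10:00:03 +0000] "GET /axis-cgi/buffer/command.cgi?do=start&buffername=b1 HTTP/1.1" 200 20',
    ]
    + [
        f'10.0.0.7 - - [18/Sep/2007:10:01:{i % 60:02d} +0000] "GET /axis-cgi/buffer/command.cgi?do=start&buffername=x{i} HTTP/1.1" 200 20'
        for i in range(130)
    ]
)


def parse_clf(line):
    """Return {ip, method, path, query, status} for one CLF line, or None."""
    m = CLF.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    parts = urlsplit(target)
    return {
        "ip": ip,
        "method": method,
        "path": parts.path,
        "query": parse_qs(parts.query, keep_blank_values=True),  # percent-decoded
        "status": int(status),
    }


def is_camno_probe(rec):
    """camNo selects a camera index and should be a non-negative integer;
    any other value sent to incl/image_incl.shtml is treated as an
    injection attempt (catches encoded payloads because parse_qs decodes)."""
    if not rec["path"].endswith("/incl/image_incl.shtml"):
        return False
    return any(not v.isdigit() for v in rec["query"].get("camNo", []))


def triage(log_text, flood_threshold=129):
    """Scan a log for camNo probes and command.cgi do=start floods.
    flood_threshold is the request count the advisory says reboots the
    device; clients exceeding it are reported with their count."""
    probes = []
    starts = Counter()
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue
        if is_camno_probe(rec):
            probes.extend((rec["ip"], v) for v in rec["query"]["camNo"])
        if rec["path"].endswith("/axis-cgi/buffer/command.cgi") and rec["query"].get("do") == ["start"]:
            starts[rec["ip"]] += 1
    floods = {ip: n for ip, n in starts.items() if n > flood_threshold}
    return {"xss_probes": probes, "flood_sources": floods}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Item 2 (the CSRF) is not covered: CLF carries no Referer or Origin header, so the forged state-changing requests look identical to legitimate ones. Note also that the advisory says the command.cgi flood needs valid credentials, so a flagged flood source is an authenticated account, which matters for the follow-up: credential reset as well as blocking the address.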

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:axismodel:207w network camerascope: - version: -

Trust: 1.4

vendor:axismodel:207w network camerascope:eqversion:*

Trust: 1.0

vendor:axismodel:communications 207w network camerascope:eqversion:0

Trust: 0.3

sources: BID: 81560 // JVNDB: JVNDB-2007-002642 // CNNVD: CNNVD-200709-237 // NVD: CVE-2007-4929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4929
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4929
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200709-237
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28291
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4929
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28291
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28291 // JVNDB: JVNDB-2007-002642 // CNNVD: CNNVD-200709-237 // NVD: CVE-2007-4929

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-28291 // JVNDB: JVNDB-2007-002642 // NVD: CVE-2007-4929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-237

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200709-237

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002642

PATCH

title:Top Pageurl:http://www.axis.com/techsup/software/acc/index.htm

Trust: 0.8

sources: JVNDB: JVNDB-2007-002642

EXTERNAL IDS

db:NVDid:CVE-2007-4929

Trust: 2.9

db:SECTRACKid:1018699

Trust: 2.0

db:BIDid:25678

Trust: 2.0

db:SREASONid:3145

Trust: 2.0

db:SECUNIAid:26831

Trust: 1.8

db:JVNDBid:JVNDB-2007-002642

Trust: 0.8

db:BUGTRAQid:20070915 AXIS 207W WIRELESS CAMERA WEB INTERFACE - MULTIPLE VULNERABILITIES

Trust: 0.6

db:CNNVDid:CNNVD-200709-237

Trust: 0.6

db:BIDid:81560

Trust: 0.4

db:OTHERid:NONE

Trust: 0.1

db:VULHUBid:VHN-28291

Trust: 0.1

db:PACKETSTORMid:59326

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28291 // BID: 81560 // JVNDB: JVNDB-2007-002642 // PACKETSTORM: 59326 // CNNVD: CNNVD-200709-237 // NVD: CVE-2007-4929

REFERENCES

url:http://airscanner.com/security/07080701_axis.htm

Trust: 2.1

url:http://www.informit.com/articles/article.aspx?p=1016102

Trust: 2.1

url:http://www.securityfocus.com/bid/25678

Trust: 2.0

url:http://www.securitytracker.com/id?1018699

Trust: 2.0

url:http://securityreason.com/securityalert/3145

Trust: 2.0

url:http://secunia.com/advisories/26831

Trust: 1.7

url:http://www.securityfocus.com/archive/1/479600/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/479600/100/0/threaded

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4929

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4929

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/908/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/26831/

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28291 // BID: 81560 // JVNDB: JVNDB-2007-002642 // PACKETSTORM: 59326 // CNNVD: CNNVD-200709-237 // NVD: CVE-2007-4929

CREDITS

Seth Fogie※ contact@airscanner.com

Trust: 0.6

sources: CNNVD: CNNVD-200709-237

SOURCES

db:OTHERid: -
db:VULHUBid:VHN-28291
db:BIDid:81560
db:JVNDBid:JVNDB-2007-002642
db:PACKETSTORMid:59326
db:CNNVDid:CNNVD-200709-237
db:NVDid:CVE-2007-4929

LAST UPDATE DATE

2025-04-10T20:53:09.785000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-28291date:2018-10-15T00:00:00
db:BIDid:81560date:2007-09-18T00:00:00
db:JVNDBid:JVNDB-2007-002642date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200709-237date:2007-10-08T00:00:00
db:NVDid:CVE-2007-4929date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-28291date:2007-09-18T00:00:00
db:BIDid:81560date:2007-09-18T00:00:00
db:JVNDBid:JVNDB-2007-002642date:2012-06-26T00:00:00
db:PACKETSTORMid:59326date:2007-09-18T14:57:18
db:CNNVDid:CNNVD-200709-237date:2007-09-18T00:00:00
db:NVDid:CVE-2007-4929date:2007-09-18T18:17:00