ID

VAR-200709-0164


CVE

CVE-2007-4930


TITLE

AXIS camera Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2007-002643

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.

Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.

----------------------------------------------------------------------
TITLE:
AXIS 207W Network Camera Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26831

VERIFY ADVISORY:
http://secunia.com/advisories/26831/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

OPERATING SYSTEM:
Axis Network Camera
http://secunia.com/product/908/

DESCRIPTION:
Seth Fogie has reported some vulnerabilities in the AXIS 207W Network Camera, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, or by malicious users to cause a DoS (Denial of Service).

1) Input passed to the "camNo" parameter in incl/image_incl.shtml is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. reboot the camera, add a new administrator, or to install a backdoor by enticing a logged-in administrator to visit a malicious site.

3) An unspecified vulnerability exists within the axis-cgi/buffer/command.cgi script. This can be exploited to reboot the vulnerable system by issuing multiple HTTP requests (more than 129) for the affected script with the "do" parameter set to "start" and with an arbitrary value for the "buffername" parameter.

Successful exploitation of this vulnerability requires valid user credentials.

SOLUTION:
Filter traffic to affected devices and do not visit untrusted web sites while being logged in to the device.

PROVIDED AND/OR DISCOVERED BY:
Seth Fogie, Airscanner Mobile Security

ORIGINAL ADVISORY:
http://airscanner.com/security/07080701_axis.htm

OTHER REFERENCES:
http://www.informit.com/articles/article.aspx?p=1016102
----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4930 // JVNDB: JVNDB-2007-002643 // BID: 25678 // VULHUB: VHN-28292 // PACKETSTORM: 59326

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: axis, model: 207w network camera, scope: -, version: -

Trust: 1.4

vendor: axis, model: 207w network camera, scope: eq, version: *

Trust: 1.0

vendor: axis, model: communications 207w network camera, scope: eq, version: 0

Trust: 0.3

sources: BID: 25678 // JVNDB: JVNDB-2007-002643 // CNNVD: CNNVD-200709-239 // NVD: CVE-2007-4930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4930
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4930
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200709-239
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28292
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4930
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28292
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28292 // JVNDB: JVNDB-2007-002643 // CNNVD: CNNVD-200709-239 // NVD: CVE-2007-4930

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-28292 // JVNDB: JVNDB-2007-002643 // NVD: CVE-2007-4930

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-239

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200709-239

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002643

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28292

PATCH

title: Top Page, url: http://www.axis.com/techsup/software/acc/index.htm

Trust: 0.8

sources: JVNDB: JVNDB-2007-002643

EXTERNAL IDS

db: NVD, id: CVE-2007-4930

Trust: 2.9

db: BID, id: 25678

Trust: 2.0

db: SECUNIA, id: 26831

Trust: 1.8

db: SECTRACK, id: 1018699

Trust: 1.7

db: SREASON, id: 3145

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002643

Trust: 0.8

db: BUGTRAQ, id: 20070915 AXIS 207W WIRELESS CAMERA WEB INTERFACE - MULTIPLE VULNERABILITIES

Trust: 0.6

db: CNNVD, id: CNNVD-200709-239

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: EXPLOIT-DB, id: 30586

Trust: 0.1

db: EXPLOIT-DB, id: 30587

Trust: 0.1

db: EXPLOIT-DB, id: 30585

Trust: 0.1

db: SEEBUG, id: SSVID-83962

Trust: 0.1

db: SEEBUG, id: SSVID-83961

Trust: 0.1

db: VULHUB, id: VHN-28292

Trust: 0.1

db: PACKETSTORM, id: 59326

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28292 // BID: 25678 // JVNDB: JVNDB-2007-002643 // PACKETSTORM: 59326 // CNNVD: CNNVD-200709-239 // NVD: CVE-2007-4930

REFERENCES

url:http://airscanner.com/security/07080701_axis.htm

Trust: 1.8

url:http://www.informit.com/articles/article.aspx?p=1016102

Trust: 1.8

url:http://www.securityfocus.com/bid/25678

Trust: 1.7

url:http://www.securitytracker.com/id?1018699

Trust: 1.7

url:http://secunia.com/advisories/26831

Trust: 1.7

url:http://securityreason.com/securityalert/3145

Trust: 1.7

url:http://www.securityfocus.com/archive/1/479600/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4930

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4930

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/479600/100/0/threaded

Trust: 0.6

url:http://www.axis.com/products/cam_207/index.htm

Trust: 0.3

url:http://www.informit.com/articles/article.aspx?p=1016102&seqnum=1

Trust: 0.3

url:/archive/1/479600

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/908/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/26831/

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-28292 // BID: 25678 // JVNDB: JVNDB-2007-002643 // PACKETSTORM: 59326 // CNNVD: CNNVD-200709-239 // NVD: CVE-2007-4930

CREDITS

Seth Fogie (contact@airscanner.com)

Trust: 0.6

sources: CNNVD: CNNVD-200709-239

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-28292
db: BID, id: 25678
db: JVNDB, id: JVNDB-2007-002643
db: PACKETSTORM, id: 59326
db: CNNVD, id: CNNVD-200709-239
db: NVD, id: CVE-2007-4930

LAST UPDATE DATE

2025-04-10T20:40:49.682000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-28292, date: 2018-10-15T00:00:00
db: BID, id: 25678, date: 2016-07-06T14:17:00
db: JVNDB, id: JVNDB-2007-002643, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200709-239, date: 2007-10-04T00:00:00
db: NVD, id: CVE-2007-4930, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-28292, date: 2007-09-18T00:00:00
db: BID, id: 25678, date: 2007-09-14T00:00:00
db: JVNDB, id: JVNDB-2007-002643, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 59326, date: 2007-09-18T14:57:18
db: CNNVD, id: CNNVD-200709-239, date: 2007-09-18T00:00:00
db: NVD, id: CVE-2007-4930, date: 2007-09-18T18:17:00