CVE-2004-2426

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-2426
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html Patch Vendor Advisory
http://secunia.com/advisories/12353 Patch Vendor Advisory
http://securitytracker.com/id?1011056 Exploit Patch
http://www.osvdb.org/9122
http://www.securityfocus.com/bid/11011 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17079
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*
cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2017-07-11 01:31

NVD link : CVE-2004-2426

Mitre link : CVE-2004-2426

CVE.ORG link : CVE-2004-2426

JSON object : View

Products Affected

axis

  • 2130_ptz_network_camera
  • 230_mpeg2_video_server
  • 2420_network_camera
  • storpoint_cd
  • 2120_network_camera
  • 2460_network_dvr
  • 2110_network_camera
  • 250s_video_server
  • 2400_video_server
  • 2490_serial_server
  • 2401_video_server
  • 2420_video_server
  • 2100_network_camera
  • 2411_video_server
CWE
NVD-CWE-Other