Summary
Detail | | | |
---|---|---|---|
Vendor | Axis | First view | 2004-12-31 |
Product | 2420 Network Camera | Last view | 2007-05-07 |
Version | 2.34 | Type | Hardware |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:h:axis:2420_network_camera | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
9.3 | 2007-05-07 | CVE-2007-2239 | Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. |
10 | 2004-12-31 | CVE-2004-2427 | Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. |
5 | 2004-12-31 | CVE-2004-2426 | Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi. |
7.5 | 2004-12-31 | CVE-2004-2425 | Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. |
5 | 2004-12-31 | CVE-2004-0789 | Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
35602 | AXIS Camera Control (aka CamImage) AxisCamControl.ocx ActiveX SaveBMP Method ... |
11575 | Multiple Vendor DNS Spoofed Query Packet Remote DoS |
9130 | Axis Network Camera/Video Server factorydefault.cgi System Parameter Modifica... |
9129 | Axis Network Camera/Video Server paramlist.cgi Information Disclosure |
9128 | Axis Network Camera/Video Server restart.cgi DoS |
9127 | Axis Network Camera/Video Server serverreport.cgi Information Disclosure |
9126 | Axis Network Camera/Video Server systemlog.cgi Information Disclosure |
9125 | Axis Network Camera/Video Server setparam.cgi System Parameter Modification |
9123 | Axis Network Camera/Video Server getparam.cgi Information Disclosure |
9122 | Axis Network Camera/Video Server editcgi.cgi Arbitrary File Modification |
9121 | Axis Network Camera/Video Server virtualinput.cgi Arbitrary Command Execution |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name: Multiple Vendor DNS Response Flooding Denial Of Service File: nvt/dns_response_flood.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-05-08 | Name: The remote Windows host has an ActiveX control that is affected by a buffer o... File: axis_camimage_savebmp_overflow.nasl - Type: ACT_GATHER_INFO |
2004-11-18 | Name: The remote DNS server is vulnerable to a denial of service attack. File: dns_response_flood.nasl - Type: ACT_ATTACK |