Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5212

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5212
Last Modified 03 Jan 2013 12:00:00
Published 04 Oct 2007 07:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5212

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

Vulnerable Systems


References

BID - 25837

BUGTRAQ - 20070928 Owning Big Brother: How to Crack into Axis IP cameras

MISC - http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf

OSVDB - 38796

OSVDB - 38795

SREASON - 3188


Last Updated: 27 May 2016 11:01:32