Vulnerabilities > CVE-2003-0240 - Authentication Bypass vulnerability in Axis Network Camera HTTP

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

axis

critical

exploit available

NVD

Published: 2003-06-09

Updated: 2017-07-11

Summary

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Vulnerable Configurations

Part	Description	Count
Hardware	Axis Axis 2100 Network Camera - Axis 2100 Network Camera 2.0 Axis 2100 Network Camera 2.01 Axis 2100 Network Camera 2.02 Axis 2100 Network Camera 2.03 Axis 2100 Network Camera 2.12 Axis 2100 Network Camera 2.30 Axis 2100 Network Camera 2.31 Axis 2100 Network Camera 2.32 Axis 2110 Network Camera - Axis 2110 Network Camera 2.12 Axis 2110 Network Camera 2.30 Axis 2110 Network Camera 2.31 Axis 2110 Network Camera 2.32 Axis 2120 Network Camera - Axis 2120 Network Camera 2.12 Axis 2120 Network Camera 2.30 Axis 2120 Network Camera 2.31 Axis 2120 Network Camera 2.32 Axis 2130 PTZ Network Camera - Axis 2130 PTZ Network Camera 2.30 Axis 2130 PTZ Network Camera 2.31 Axis 2130 PTZ Network Camera 2.32 Axis 2400 Video Server - Axis 2400 Video Server 1.1 Axis 2400 Video Server 1.2 Axis 2400 Video Server 1.10 Axis 2400 Video Server 1.11 Axis 2400 Video Server 1.12 Axis 2400 Video Server 1.15 Axis 2400 Video Server 2.0 Axis 2400 Video Server 2.20 Axis 2400 Video Server 2.30 Axis 2400 Video Server 2.31 Axis 2400 Video Server 2.32 Axis 2401 Video Server - Axis 2401 Video Server 1.0_1 Axis 2401 Video Server 1.15 Axis 2401 Video Server 2.20 Axis 2401 Video Server 2.30 Axis 2401 Video Server 2.31 Axis 2401 Video Server 2.32 Axis 2420 Network Camera - Axis 2420 Network Camera 2.12 Axis 2420 Network Camera 2.30 Axis 2420 Network Camera 2.31 Axis 2420 Network Camera 2.32 Axis 2460 Network DVR - Axis 2460 Network DVR 3.00 Axis 250S Video Server - Axis 250S Video Server 3.02	51

Exploit-Db

description	Axis Network Camera 2.x HTTP Authentication Bypass Vulnerability. CVE-2003-0240. Remote exploit for hardware platform
id	EDB-ID:22626
last seen	2016-02-02
modified	2003-05-27
published	2003-05-27
reporter	Juliano Rizzo
source	https://www.exploit-db.com/download/22626/
title	Axis Network Camera 2.x HTTP Authentication Bypass Vulnerability

Packetstorm

data source	https://packetstormsecurity.com/files/download/31168/core.axis.txt
id	PACKETSTORM:31168
last seen	2016-12-05
published	2003-05-28
reporter	Juliano Rizzo
source	https://packetstormsecurity.com/files/31168/core.axis.txt.html
title	core.axis.txt

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References