Vulnerabilities > CVE-2004-2425 - Multiple vulnerability in Axis Network Camera And Video Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Vulnerable Configurations
Exploit-Db
| description | Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution. CVE-2004-2425. Webapps exploit for cgi platform |
| id | EDB-ID:24400 |
| last seen | 2016-02-02 |
| modified | 2004-08-23 |
| published | 2004-08-23 |
| reporter | bashis |
| source | https://www.exploit-db.com/download/24400/ |
| title | Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://secunia.com/advisories/12353
- http://securitytracker.com/id?1011056
- http://www.osvdb.org/9121
- http://www.securityfocus.com/bid/11011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17076