Vulnerabilities > CVE-2004-2425 - Unspecified vulnerability in Axis products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN axis
exploit available
Summary
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Vulnerable Configurations
Exploit-Db
| description | Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution. CVE-2004-2425. Webapps exploit for cgi platform |
| id | EDB-ID:24400 |
| last seen | 2016-02-02 |
| modified | 2004-08-23 |
| published | 2004-08-23 |
| reporter | bashis |
| source | https://www.exploit-db.com/download/24400/ |
| title | Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://secunia.com/advisories/12353
- http://secunia.com/advisories/12353
- http://securitytracker.com/id?1011056
- http://securitytracker.com/id?1011056
- http://www.osvdb.org/9121
- http://www.osvdb.org/9121
- http://www.securityfocus.com/bid/11011
- http://www.securityfocus.com/bid/11011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17076