Vulnerabilities > CVE-2004-2426 - Multiple vulnerability in Axis Network Camera And Video Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Vulnerable Configurations
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://secunia.com/advisories/12353
- http://securitytracker.com/id?1011056
- http://www.osvdb.org/9122
- http://www.securityfocus.com/bid/11011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17079