Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0240

4 documents4 sources

Severity

10.0CRITICAL

EPSS

9.4%

top 7.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Axis 2100 Network Camera Axis 2110 Network Camera Axis 2120 Network Camera +6 more

Timeline

PublishedJun 9

Latest updateApr 29

Description

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

▶NVDaxis/2100_network_camera2.32

▶NVDaxis/2110_network_camera2.32

▶NVDaxis/2120_network_camera2.32

▶NVDaxis/2420_network_camera2.32

▶NVDaxis/2130_ptz_network_camera2.32

🔴Vulnerability Details

GHSA

GHSA-2q8p-5vh9-5vxj: The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify conf↗2022-04-29

▶

CVEList

CVE-2003-0240: The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify conf↗2003-05-30

▶

💥Exploits & PoCs

Exploit-DB

Axis Network Camera 2.x - HTTP Authentication Bypass↗2003-05-27

▶