Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2425

4 documents4 sources

Severity

7.5HIGH

EPSS

25.7%

top 3.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Axis 2100 Network Camera Axis 2110 Network Camera Axis 2120 Network Camera +10 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages13 packages

▶NVDaxis/2400_video_server15 versions+14

▶NVDaxis/2401_video_server10 versions+9

▶NVDaxis/2411_video_server3.12, 3.13+1

▶NVDaxis/2420_video_server2.32, 2.34+1

▶NVDaxis/250s_video_server3.03, 3.10+1

Patches

Patch: archives.neohapsis.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-cv8j-hpv4-w247: Axis Network Camera 2↗2022-04-29

▶

CVEList

CVE-2004-2425: Axis Network Camera 2↗2005-08-18

▶

💥Exploits & PoCs

Exploit-DB

Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution↗2004-08-23

▶