CVE-2004-2426Path Traversal in 2100 Network Camera

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.0%
top 23.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Axis 2100 Network CameraAxis 2110 Network CameraAxis 2120 Network Camera+10 more
Timeline
PublishedDec 31
Latest updateApr 29

Description

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages13 packages

NVDaxis/2400_video_server15 versions+14
NVDaxis/2401_video_server10 versions+9
NVDaxis/2411_video_server3.12, 3.13+1
NVDaxis/2420_video_server2.32, 2.34+1
NVDaxis/250s_video_server3.03, 3.10+1

Patches

Patch: archives.neohapsis.comPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-qhmj-pfxw-7rwc: Directory traversal vulnerability in Axis Network Camera 22022-04-29
CVEList
CVE-2004-2426: Directory traversal vulnerability in Axis Network Camera 22005-08-18
CVE-2004-2426 — Path Traversal in 2100 Network Camera | cvebase