CVE-2004-2427 — 2100 Network Camera vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

4.8%

top 10.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis 2100 Network Camera Axis 2110 Network Camera Axis 2120 Network Camera +10 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages13 packages

▶NVDaxis/2400_video_server15 versions+14

▶NVDaxis/2401_video_server10 versions+9

▶NVDaxis/2411_video_server3.12, 3.13+1

▶NVDaxis/2420_video_server2.32, 2.34+1

▶NVDaxis/250s_video_server3.03, 3.10+1

Patches

Patch: www.osvdb.org ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-ffg4-rw8m-pqqv: Axis Network Camera 2↗2022-04-29

▶

CVEList

CVE-2004-2427: Axis Network Camera 2↗2005-08-18

▶