CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for Axis Communications AXIS 2130 PTZ Network Camera 2.34

Titles listed in dictionary

CPE for product: cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*

Showing 1-4 of 4
Maximal damage 9.3
Easy to exploit
(other affected products) Published: Mon May 7 19:19:00 2007 UTC. Last Modified: Sat Jul 29 01:31:00 2017 UTC
CPE matches: cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:* && versionEndIncluding=2.39

Description

Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:M/Au:N/C:C/I:C/A:C (CVSSv2)

References

Maximal damage 10
Very easy to exploit
(other affected products) Published: Fri Dec 31 05:00:00 2004 UTC. Last Modified: Fri Sep 5 20:44:00 2008 UTC
CPE matches: cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:L/Au:N/C:C/I:C/A:C (CVSSv2)

References

Low damage 5
Very easy to exploit
(other affected products) Published: Fri Dec 31 05:00:00 2004 UTC. Last Modified: Tue Jul 11 01:31:00 2017 UTC
CPE matches: cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*

Description

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:L/Au:N/C:N/I:P/A:N (CVSSv2)

References

Medium damage 7.5
Very easy to exploit
(other affected products) Published: Fri Dec 31 05:00:00 2004 UTC. Last Modified: Tue Jul 11 01:31:00 2017 UTC
CPE matches: cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:L/Au:N/C:P/I:P/A:P (CVSSv2)

References