CVE Details for CVE: CVE-2003-0240
Summary
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 09-06-2003 - 04:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://www.kb.cert.org/vuls/id/799060
- http://www.securityfocus.com/bid/7652
- http://securitytracker.com/id?1006854
- http://secunia.com/advisories/8876
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://www.osvdb.org/4804
- http://marc.info/?l=bugtraq&m=105406374731579&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12104
Vulnerable Configurations
-
cpe:2.3:h:axis:2110_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2120_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.0:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.0:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.01:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.01:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.03:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.03:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:250s_video_server:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:250s_video_server:3.02:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.02:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2130_ptz_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2420_network_camera:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2460_network_dvr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:-:*:*:*:*:*:*:*
-
cpe:2.3:h:axis:2460_network_dvr:3.00:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.00:*:*:*:*:*:*:*
CWE
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| COMPLETE | COMPLETE | COMPLETE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 7652 |
| bugtraq | 20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass |
| cert-vn | VU#799060 |
| misc | http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10 |
| osvdb | 4804 |
| sectrack | 1006854 |
| secunia | 8876 |
| xf | axis-admin-authentication-bypass(12104) |