NVD Vulnerability Detail

CVE-2004-2426

Summary	Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Publication Date	Dec. 31, 2004, 2 p.m.
Registration Date	Jan. 29, 2021, 6:01 p.m.
Last Update	July 11, 2017, 10:31 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:axis:2100_network_camera:2.12:::::::*
cpe:2.3:h:axis:2100_network_camera:2.30:::::::*
cpe:2.3:h:axis:2100_network_camera:2.31:::::::*
cpe:2.3:h:axis:2100_network_camera:2.32:::::::*
cpe:2.3:h:axis:2100_network_camera:2.33:::::::*
cpe:2.3:h:axis:2100_network_camera:2.34:::::::*
cpe:2.3:h:axis:2100_network_camera:2.40:::::::*
cpe:2.3:h:axis:2100_network_camera:2.41:::::::*
cpe:2.3:h:axis:2110_network_camera:2.12:::::::*
cpe:2.3:h:axis:2110_network_camera:2.30:::::::*
cpe:2.3:h:axis:2110_network_camera:2.31:::::::*
cpe:2.3:h:axis:2110_network_camera:2.32:::::::*
cpe:2.3:h:axis:2110_network_camera:2.34:::::::*
cpe:2.3:h:axis:2110_network_camera:2.40:::::::*
cpe:2.3:h:axis:2110_network_camera:2.41:::::::*
cpe:2.3:h:axis:2120_network_camera:2.12:::::::*
cpe:2.3:h:axis:2120_network_camera:2.30:::::::*
cpe:2.3:h:axis:2120_network_camera:2.31:::::::*
cpe:2.3:h:axis:2120_network_camera:2.32:::::::*
cpe:2.3:h:axis:2120_network_camera:2.34:::::::*
cpe:2.3:h:axis:2120_network_camera:2.40:::::::*
cpe:2.3:h:axis:2120_network_camera:2.41:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:::::::*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.1:::::::*
cpe:2.3:h:axis:2400_video_server:1.2:::::::*
cpe:2.3:h:axis:2400_video_server:1.10:::::::*
cpe:2.3:h:axis:2400_video_server:1.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.12:::::::*
cpe:2.3:h:axis:2400_video_server:1.15:::::::*
cpe:2.3:h:axis:2400_video_server:2.0:::::::*
cpe:2.3:h:axis:2400_video_server:2.20:::::::*
cpe:2.3:h:axis:2400_video_server:2.30:::::::*
cpe:2.3:h:axis:2400_video_server:2.31:::::::*
cpe:2.3:h:axis:2400_video_server:2.32:::::::*
cpe:2.3:h:axis:2400_video_server:2.33:::::::*
cpe:2.3:h:axis:2400_video_server:2.34:::::::*
cpe:2.3:h:axis:2400_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:1.0_1:::::::*
cpe:2.3:h:axis:2401_video_server:1.15:::::::*
cpe:2.3:h:axis:2401_video_server:2.20:::::::*
cpe:2.3:h:axis:2401_video_server:2.30:::::::*
cpe:2.3:h:axis:2401_video_server:2.31:::::::*
cpe:2.3:h:axis:2401_video_server:2.32:::::::*
cpe:2.3:h:axis:2401_video_server:2.33:::::::*
cpe:2.3:h:axis:2401_video_server:2.34:::::::*
cpe:2.3:h:axis:2401_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:3.13:::::::*
cpe:2.3:h:axis:2411_video_server:3.12:::::::*
cpe:2.3:h:axis:2411_video_server:3.13:::::::*
cpe:2.3:h:axis:2420_network_camera:2.12:::::::*
cpe:2.3:h:axis:2420_network_camera:2.30:::::::*
cpe:2.3:h:axis:2420_network_camera:2.31:::::::*
cpe:2.3:h:axis:2420_network_camera:2.32:::::::*
cpe:2.3:h:axis:2420_network_camera:2.33:::::::*
cpe:2.3:h:axis:2420_network_camera:2.34:::::::*
cpe:2.3:h:axis:2420_network_camera:2.40:::::::*
cpe:2.3:h:axis:2420_network_camera:2.41:::::::*
cpe:2.3:h:axis:2420_video_server:2.32:::::::*
cpe:2.3:h:axis:2420_video_server:2.34:::::::*
cpe:2.3:h:axis:2460_network_dvr::::::::
cpe:2.3:h:axis:2460_network_dvr:3.10:::::::*
cpe:2.3:h:axis:2460_network_dvr:3.11:::::::*
cpe:2.3:h:axis:2490_serial_server::::::::
cpe:2.3:h:axis:2490_serial_server:2.11.3:::::::*
cpe:2.3:h:axis:250s_video_server::::::::
cpe:2.3:h:axis:250s_video_server:3.03:::::::*
cpe:2.3:h:axis:250s_video_server:3.10:::::::*
cpe:2.3:h:axis:storpoint_cd::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html	FULLDISC	Exploit
2	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html	FULLDISC	Patch Vendor Advisory
3	http://secunia.com/advisories/12353	SECUNIA	Patch Vendor Advisory
4	http://securitytracker.com/id?1011056	SECTRACK	Exploit Patch
5	http://www.osvdb.org/9122	OSVDB
6	http://www.securityfocus.com/bid/11011	BID	Patch
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/17079	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:axis:2100_network_camera:2.12:::::::*
cpe:2.3:h:axis:2100_network_camera:2.30:::::::*
cpe:2.3:h:axis:2100_network_camera:2.31:::::::*
cpe:2.3:h:axis:2100_network_camera:2.32:::::::*
cpe:2.3:h:axis:2100_network_camera:2.33:::::::*
cpe:2.3:h:axis:2100_network_camera:2.34:::::::*
cpe:2.3:h:axis:2100_network_camera:2.40:::::::*
cpe:2.3:h:axis:2100_network_camera:2.41:::::::*
cpe:2.3:h:axis:2110_network_camera:2.12:::::::*
cpe:2.3:h:axis:2110_network_camera:2.30:::::::*
cpe:2.3:h:axis:2110_network_camera:2.31:::::::*
cpe:2.3:h:axis:2110_network_camera:2.32:::::::*
cpe:2.3:h:axis:2110_network_camera:2.34:::::::*
cpe:2.3:h:axis:2110_network_camera:2.40:::::::*
cpe:2.3:h:axis:2110_network_camera:2.41:::::::*
cpe:2.3:h:axis:2120_network_camera:2.12:::::::*
cpe:2.3:h:axis:2120_network_camera:2.30:::::::*
cpe:2.3:h:axis:2120_network_camera:2.31:::::::*
cpe:2.3:h:axis:2120_network_camera:2.32:::::::*
cpe:2.3:h:axis:2120_network_camera:2.34:::::::*
cpe:2.3:h:axis:2120_network_camera:2.40:::::::*
cpe:2.3:h:axis:2120_network_camera:2.41:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:::::::*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:::::::*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.1:::::::*
cpe:2.3:h:axis:2400_video_server:1.2:::::::*
cpe:2.3:h:axis:2400_video_server:1.10:::::::*
cpe:2.3:h:axis:2400_video_server:1.11:::::::*
cpe:2.3:h:axis:2400_video_server:1.12:::::::*
cpe:2.3:h:axis:2400_video_server:1.15:::::::*
cpe:2.3:h:axis:2400_video_server:2.0:::::::*
cpe:2.3:h:axis:2400_video_server:2.20:::::::*
cpe:2.3:h:axis:2400_video_server:2.30:::::::*
cpe:2.3:h:axis:2400_video_server:2.31:::::::*
cpe:2.3:h:axis:2400_video_server:2.32:::::::*
cpe:2.3:h:axis:2400_video_server:2.33:::::::*
cpe:2.3:h:axis:2400_video_server:2.34:::::::*
cpe:2.3:h:axis:2400_video_server:3.11:::::::*
cpe:2.3:h:axis:2400_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:1.0_1:::::::*
cpe:2.3:h:axis:2401_video_server:1.15:::::::*
cpe:2.3:h:axis:2401_video_server:2.20:::::::*
cpe:2.3:h:axis:2401_video_server:2.30:::::::*
cpe:2.3:h:axis:2401_video_server:2.31:::::::*
cpe:2.3:h:axis:2401_video_server:2.32:::::::*
cpe:2.3:h:axis:2401_video_server:2.33:::::::*
cpe:2.3:h:axis:2401_video_server:2.34:::::::*
cpe:2.3:h:axis:2401_video_server:3.12:::::::*
cpe:2.3:h:axis:2401_video_server:3.13:::::::*
cpe:2.3:h:axis:2411_video_server:3.12:::::::*
cpe:2.3:h:axis:2411_video_server:3.13:::::::*
cpe:2.3:h:axis:2420_network_camera:2.12:::::::*
cpe:2.3:h:axis:2420_network_camera:2.30:::::::*
cpe:2.3:h:axis:2420_network_camera:2.31:::::::*
cpe:2.3:h:axis:2420_network_camera:2.32:::::::*
cpe:2.3:h:axis:2420_network_camera:2.33:::::::*
cpe:2.3:h:axis:2420_network_camera:2.34:::::::*
cpe:2.3:h:axis:2420_network_camera:2.40:::::::*
cpe:2.3:h:axis:2420_network_camera:2.41:::::::*
cpe:2.3:h:axis:2420_video_server:2.32:::::::*
cpe:2.3:h:axis:2420_video_server:2.34:::::::*
cpe:2.3:h:axis:2460_network_dvr::::::::
cpe:2.3:h:axis:2460_network_dvr:3.10:::::::*
cpe:2.3:h:axis:2460_network_dvr:3.11:::::::*
cpe:2.3:h:axis:2490_serial_server::::::::
cpe:2.3:h:axis:2490_serial_server:2.11.3:::::::*
cpe:2.3:h:axis:250s_video_server::::::::
cpe:2.3:h:axis:250s_video_server:3.03:::::::*
cpe:2.3:h:axis:250s_video_server:3.10:::::::*
cpe:2.3:h:axis:storpoint_cd::::::::