Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Axis
  • 2100 Network Camera
  • 2110 Network Camera
  • 2120 Network Camera
  • 2130 Ptz Network Camera
  • 230 Mpeg2 Video Server
  • 2400 Video Server
  • 2401 Video Server
  • 2411 Video Server
  • 2420 Network Camera
  • 2420 Video Server
  • 2460 Network Dvr
  • 2490 Serial Server
  • 250s Video Server
  • Storpoint Cd

Configuration 1 [-]

OR cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*
cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html cve-icon cve-icon
http://securitytracker.com/id?1011056 cve-icon cve-icon
http://www.osvdb.org/9123 cve-icon cve-icon
http://www.osvdb.org/9125 cve-icon cve-icon
http://www.osvdb.org/9126 cve-icon cve-icon
http://www.osvdb.org/9127 cve-icon cve-icon
http://www.osvdb.org/9128 cve-icon cve-icon
http://www.osvdb.org/9129 cve-icon cve-icon
http://www.osvdb.org/9130 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-18T04:00:00

Updated: 2024-08-08T01:29:12.882Z

Reserved: 2005-08-18T00:00:00

Link: CVE-2004-2427

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2004-12-31T05:00:00.000

Modified: 2008-09-05T20:44:06.610

Link: CVE-2004-2427

cve-icon Redhat

No data.