CVE-2003-0240

Summary

CVE	CVE-2003-0240
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2003-06-09 04:00:00 UTC
Updated	2017-07-11 01:29:00 UTC
Description	The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Axis	2100 Network Camera	All	All	All	All
Hardware	Axis	2110 Network Camera	All	All	All	All
Hardware	Axis	2120 Network Camera	All	All	All	All
Hardware	Axis	2130 Ptz Network Camera	All	All	All	All
Hardware	Axis	2400 Video Server	All	All	All	All
Hardware	Axis	2401 Video Server	All	All	All	All
Hardware	Axis	2420 Network Camera	All	All	All	All
Hardware	Axis	2460 Network Dvr	All	All	All	All
Hardware	Axis	250s Video Server	All	All	All	All

References

Reference	Source	Link	Tags
SecurityTracker.com Archives - Axis Network Camera Web Interface Authentication Flaw Yields Root Access to Remote Users	SECTRACK	securitytracker.com
Page not found \| Core Security	MISC	www.coresecurity.com
Axis Network Camera HTTP Authentication Bypass Vulnerability	BID	www.securityfocus.com
Secunia - Advisories - Axis Network Camera HTTP Authentication Bypass Vulnerability	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
'CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass' - MARC	BUGTRAQ	marc.info
4804	OSVDB	www.osvdb.org
CERT/CC Vulnerability Note VU#799060	CERT-VN	www.kb.cert.org	US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.