CVE-2007-5212
Summary
| CVE | CVE-2007-5212 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-04 23:17:00 UTC |
| Updated | 2018-10-15 21:41:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Axis | 2100 Network Camera | 2.02 | All | All | All |
| Hardware | Axis | 2100 Network Camera | 2.02 | All | All | All |
| Hardware | Axis | 2100 Network Camera Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 38796 | OSVDB | osvdb.org | |
| SecurityReason - Owning Big Brother: How to Crack into Axis IP cameras | SREASON | securityreason.com | |
| Axis Communications 2100 Network Camera Multiple Input Validation Vulnerabilities | BID | www.securityfocus.com | |
| 404 - File or directory not found. | MISC | www.procheckup.com | Exploit |
| 38795 | OSVDB | osvdb.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.