Title: Axis Network Camera HTTP Authentication Bypass

AXIS 250S Video Server versions 3.02 and previous
AXIS 2460 Network DVR versions 3.00 and previous
AXIS 2420 Network Camera versions 2.32 and previous
AXIS 2401 Video Server versions 2.32 and previous
AXIS 2400 Video Server versions 2.32 and previous
AXIS 2130 PTZ Network Camera versions 2.32 and previous
AXIS 2120 Network Camera versions 2.32 and previous
AXIS 2110 Network Camera versions 2.32 and previous
AXIS 2100 Network Camera versions 2.32 and previous

An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer.

After setting up the Axis Camera, the user is provided with Web-based Administration Tools for configuring and managing the camera by accessing which requires a username and password.

We have discovered the following security vulnerability: by accessing (notice the double slash) the authentication for "admin" is bypassed and an attacker gains direct access to the configuration.

Using this vulnerability, an attacker can reset the root password, then enable the telnet server by modifying configuration files, giving the attacker interactive access to a Unix-like command line, allowing her to execute arbitrary commands as root.

For more information see

Fixed versions available for all affected products:

2.34 Release candidate for the Axis 2400/2401 Video Servers available:
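An added example, not code from the advisory or from Axis firmware: the advisory does not state the root cause, so this sketch assumes one common cause of a double-slash bypass, an access check that prefix-matches the raw request path while the file handler resolves the normalized one. The `/protected/` prefix, function names and log lines are hypothetical and constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical protected area; NOT the Axis path, which this page does not give.
PROTECTED_PREFIXES = ("/protected/",)

def naive_requires_auth(raw_target):
    """Flawed check: matches the raw request target against the prefix list."""
    return raw_target.startswith(PROTECTED_PREFIXES)

def canonical_path(raw_target):
    """Reduce a request target to the path a file handler would resolve.
    Assumes the server percent-decodes the path exactly once."""
    # Cut the query by hand: urlsplit() would read a leading "//" as a host.
    path = unquote(raw_target.split("?", 1)[0])
    # Collapse slash runs first; normpath() alone keeps a leading "//".
    collapsed = re.sub(r"/+", "/", "/" + path)
    norm = posixpath.normpath(collapsed)  # resolves "." and ".." segments
    if collapsed.endswith("/") and norm != "/":
        norm += "/"  # keep the trailing slash so directory prefixes still match
    return norm

def hardened_requires_auth(raw_target):
    """Decide on the canonical path, the same one the handler will serve."""
    return canonical_path(raw_target).startswith(PROTECTED_PREFIXES)

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def flag_bypass_attempts(log_lines):
    """Return targets that resolve to a protected path but slip past the
    naive prefix check, for review in access logs."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        target = match.group(1)
        if hardened_requires_auth(target) and not naive_requires_auth(target):
            flagged.append(target)
    return flagged

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - admin [01/Jan/2003:10:00:05] "GET /protected/settings.html HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2003:10:01:00] "GET //protected/settings.html HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2003:10:01:09] "GET /public/..//protected/settings.html?x=1 HTTP/1.0" 200 2048',
]
```

Running `flag_bypass_attempts` over real access logs requires replacing the prefix tuple with the device's own protected paths.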