CVE-2003-0240
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/06/2003
Last modified:
03/04/2025
Description
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:* | 2.32 (including) | |
cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:* | 3.00 (including) | |
cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:* | 3.02 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=105406374731579&w=2
- http://secunia.com/advisories/8876
- http://securitytracker.com/id?1006854=
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://www.kb.cert.org/vuls/id/799060
- http://www.osvdb.org/4804
- http://www.securityfocus.com/bid/7652
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12104
- http://marc.info/?l=bugtraq&m=105406374731579&w=2
- http://secunia.com/advisories/8876
- http://securitytracker.com/id?1006854=
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://www.kb.cert.org/vuls/id/799060
- http://www.osvdb.org/4804
- http://www.securityfocus.com/bid/7652
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12104