Vulnerability Name: CVE-2004-2427 (CCN-11441)

Assigned: 2003-02-28
Published: 2003-02-28
Updated: 2008-09-05
Summary: Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allow remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
CVSS v2 Severity: 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: CCN
Type: BugTraq Mailing List, Fri Feb 28 2003 - 03:46:12 CST
axis2400 webcams

Source: CCN
Type: BugTraq Mailing List, Tue Mar 25 2003 - 08:30:35 CST
Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI

Source: FULLDISC
Type: Exploit
20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers

Source: MITRE
Type: CNA
CVE-2004-2427

Source: CCN
Type: SECTRACK ID: 1011056
Axis Network Cameras Let Remote Users View and Edit Files on the Device

Source: SECTRACK
Type: Exploit
1011056

Source: CCN
Type: Axis Communications Web site
AXIS 2400 Video Server

Source: OSVDB
Type: UNKNOWN
9123

Source: OSVDB
Type: UNKNOWN
9125

Source: OSVDB
Type: UNKNOWN
9126

Source: OSVDB
Type: UNKNOWN
9127

Source: OSVDB
Type: UNKNOWN
9128

Source: OSVDB
Type: UNKNOWN
9129

Source: OSVDB
Type: Patch
9130

Source: CCN
Type: OSVDB ID: 9123
Axis Network Camera/Video Server getparam.cgi Information Disclosure

Source: CCN
Type: OSVDB ID: 9125
Axis Network Camera/Video Server setparam.cgi System Parameter Modification

Source: CCN
Type: OSVDB ID: 9126
Axis Network Camera/Video Server systemlog.cgi Information Disclosure

Source: CCN
Type: OSVDB ID: 9127
Axis Network Camera/Video Server serverreport.cgi Information Disclosure

Source: CCN
Type: OSVDB ID: 9128
Axis Network Camera/Video Server restart.cgi DoS

Source: CCN
Type: OSVDB ID: 9129
Axis Network Camera/Video Server paramlist.cgi Information Disclosure

Source: CCN
Type: OSVDB ID: 9130
Axis Network Camera/Video Server factorydefault.cgi System Parameter Modification

Source: XF
Type: UNKNOWN
axis-command-file-overwrite(11441)

Vulnerable Configuration:
Configuration 1:
  • cpe:/h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:3.11:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:3.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:3.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:3.13:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2460_network_dvr:*:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2490_serial_server:*:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*
  • OR cpe:/h:axis:250s_video_server:*:*:*:*:*:*:*:*
  • OR cpe:/h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
  • OR cpe:/h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
  • OR cpe:/h:axis:storpoint_cd:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*
  • OR cpe:/h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
  • OR cpe:/h:axis:storpoint_cd:*:*:*:*:*:*:*:*
  • OR cpe:/h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
  • OR cpe:/h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
  • OR cpe:/h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    axis 2100 network camera 2.12
    axis 2100 network camera 2.30
    axis 2100 network camera 2.31
    axis 2100 network camera 2.32
    axis 2100 network camera 2.33
    axis 2100 network camera 2.34
    axis 2100 network camera 2.40
    axis 2100 network camera 2.41
    axis 2110 network camera 2.12
    axis 2110 network camera 2.30
    axis 2110 network camera 2.31
    axis 2110 network camera 2.32
    axis 2110 network camera 2.34
    axis 2110 network camera 2.40
    axis 2110 network camera 2.41
    axis 2120 network camera 2.12
    axis 2120 network camera 2.30
    axis 2120 network camera 2.31
    axis 2120 network camera 2.32
    axis 2120 network camera 2.34
    axis 2120 network camera 2.40
    axis 2120 network camera 2.41
    axis 2130 ptz network camera 2.30
    axis 2130 ptz network camera 2.31
    axis 2130 ptz network camera 2.32
    axis 2130 ptz network camera 2.34
    axis 2130 ptz network camera 2.40
    axis 230 mpeg2 video server 3.11
    axis 2400 video server 1.1
    axis 2400 video server 1.2
    axis 2400 video server 1.10
    axis 2400 video server 1.11
    axis 2400 video server 1.12
    axis 2400 video server 1.15
    axis 2400 video server 2.0
    axis 2400 video server 2.20
    axis 2400 video server 2.30
    axis 2400 video server 2.31
    axis 2400 video server 2.32
    axis 2400 video server 2.33
    axis 2400 video server 2.34
    axis 2400 video server 3.11
    axis 2400 video server 3.12
    axis 2401 video server 1.0_1
    axis 2401 video server 1.15
    axis 2401 video server 2.20
    axis 2401 video server 2.30
    axis 2401 video server 2.31
    axis 2401 video server 2.32
    axis 2401 video server 2.33
    axis 2401 video server 2.34
    axis 2401 video server 3.12
    axis 2401 video server 3.13
    axis 2411 video server 3.12
    axis 2411 video server 3.13
    axis 2420 network camera 2.12
    axis 2420 network camera 2.30
    axis 2420 network camera 2.31
    axis 2420 network camera 2.32
    axis 2420 network camera 2.33
    axis 2420 network camera 2.34
    axis 2420 network camera 2.40
    axis 2420 network camera 2.41
    axis 2420 video server 2.32
    axis 2420 video server 2.34
    axis 2460 network dvr *
    axis 2460 network dvr 3.10
    axis 2460 network dvr 3.11
    axis 2490 serial server *
    axis 2490 serial server 2.11.3
    axis 250s video server *
    axis 250s video server 3.03
    axis 250s video server 3.10
    axis storpoint cd *