Unrated severityNVD Advisory· Published Oct 4, 2007· Updated Apr 23, 2026

CVE-2007-5212

Description

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

Affected products

Axis/2100 Network Camera
cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*
Axis/2100 Network Camera Firmware
cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*
Range: <=2.42

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.procheckup.com/Vulnerability_Axis_2100_research.pdfnvdExploit
osvdb.org/38795nvd
osvdb.org/38796nvd
securityreason.com/securityalert/3188nvd
www.securityfocus.com/archive/1/480995/100/0/threadednvd
www.securityfocus.com/bid/25837nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000