2100 Network Camera
by Axis
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8257 | Hig | 0.62 | 8.8 | 0.18 | May 2, 2017 | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | ||
| CVE-2015-8256 | Med | 0.47 | 6.1 | 0.51 | Apr 17, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | ||
| CVE-2017-15885 | Med | 0.40 | 6.1 | 0.01 | Oct 25, 2017 | Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. | ||
| CVE-2017-12413 | Med | 0.40 | 6.1 | 0.01 | Aug 4, 2017 | AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | ||
| CVE-2003-0240 | 0.05 | — | 0.30 | Jun 9, 2003 | The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). | |||
| CVE-2007-2239 | 0.04 | — | 0.12 | May 7, 2007 | Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause… | |||
| CVE-2004-2425 | 0.04 | — | 0.14 | Dec 31, 2004 | Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. | |||
| CVE-2007-5214 | 0.00 | — | 0.02 | Oct 4, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the… | |||
| CVE-2007-5212 | 0.00 | — | 0.02 | Oct 4, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1… | |||
| CVE-2007-5213 | 0.00 | — | 0.02 | Oct 4, 2007 | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to… | |||
| CVE-2004-2426 | 0.00 | — | 0.04 | Dec 31, 2004 | Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities,… | |||
| CVE-2004-2427 | 0.00 | — | 0.05 | Dec 31, 2004 | Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system… | |||
| CVE-2004-0789 | 0.00 | — | 0.03 | Dec 31, 2004 | Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU… | |||
| CVE-2001-1543 | 0.00 | — | 0.02 | Dec 31, 2001 | Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. |
- risk 0.62cvss 8.8epss 0.18
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
- risk 0.47cvss 6.1epss 0.51
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
- risk 0.40cvss 6.1epss 0.01
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.
- risk 0.40cvss 6.1epss 0.01
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
- CVE-2003-0240Jun 9, 2003risk 0.05cvss —epss 0.30
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
- CVE-2007-2239May 7, 2007risk 0.04cvss —epss 0.12
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause…
- CVE-2004-2425Dec 31, 2004risk 0.04cvss —epss 0.14
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
- CVE-2007-5214Oct 4, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the…
- CVE-2007-5212Oct 4, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1…
- CVE-2007-5213Oct 4, 2007risk 0.00cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to…
- CVE-2004-2426Dec 31, 2004risk 0.00cvss —epss 0.04
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities,…
- CVE-2004-2427Dec 31, 2004risk 0.00cvss —epss 0.05
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system…
- CVE-2004-0789Dec 31, 2004risk 0.00cvss —epss 0.03
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU…
- CVE-2001-1543Dec 31, 2001risk 0.00cvss —epss 0.02
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.