VYPR

2100 Network Camera

by Axis

CVEs (14)

  • CVE-2015-8257HigMay 2, 2017
    risk 0.62cvss 8.8epss 0.18

    The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

  • CVE-2015-8256MedApr 17, 2017
    risk 0.47cvss 6.1epss 0.51

    Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.

  • CVE-2017-15885MedOct 25, 2017
    risk 0.40cvss 6.1epss 0.01

    Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.

  • CVE-2017-12413MedAug 4, 2017
    risk 0.40cvss 6.1epss 0.01

    AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.

  • CVE-2003-0240Jun 9, 2003
    risk 0.05cvss epss 0.30

    The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

  • CVE-2007-2239May 7, 2007
    risk 0.04cvss epss 0.12

    Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause…

  • CVE-2004-2425Dec 31, 2004
    risk 0.04cvss epss 0.14

    Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

  • CVE-2007-5214Oct 4, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the…

  • CVE-2007-5212Oct 4, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1…

  • CVE-2007-5213Oct 4, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to…

  • CVE-2004-2426Dec 31, 2004
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities,…

  • CVE-2004-2427Dec 31, 2004
    risk 0.00cvss epss 0.05

    Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system…

  • CVE-2004-0789Dec 31, 2004
    risk 0.00cvss epss 0.03

    Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU…

  • CVE-2001-1543Dec 31, 2001
    risk 0.00cvss epss 0.02

    Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.