CVE-2007-4930 – Axis Communications 207W Network Camera - Web Interface '/admin/restartMessage.shtml?server' Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2007-4930
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.
• https://www.exploit-db.com/exploits/30587
• https://www.exploit-db.com/exploits/30586
• https://www.exploit-db.com/exploits/30585
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-4927
https://notcve.org/view.php?id=CVE-2007-4927
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-20: Improper Input Validation
CVE-2007-4928
https://notcve.org/view.php?id=CVE-2007-4928
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
• http://airscanner.com/security/07080701_axis.htm
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• CWE-310: Cryptographic Issues
CVE-2007-4929
https://notcve.org/view.php?id=CVE-2007-4929
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')