CVE-2007-5212
https://notcve.org/view.php?id=CVE-2007-5212
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
• http://osvdb.org/38795
• http://osvdb.org/38796
• http://securityreason.com/securityalert/3188
• http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
• http://www.securityfocus.com/archive/1/480995/100/0/threaded
• http://www.securityfocus.com/bid/25837
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4930 – Axis Communications 207W Network Camera - Web Interface '/admin/restartMessage.shtml?server' Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2007-4930
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.
• https://www.exploit-db.com/exploits/30587
• https://www.exploit-db.com/exploits/30586
• https://www.exploit-db.com/exploits/30585
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-4926
https://notcve.org/view.php?id=CVE-2007-4926
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
• http://airscanner.com/security/07080701_axis.htm
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securitytracker.com/id?1018699
• CWE-310: Cryptographic Issues
CVE-2007-4927
https://notcve.org/view.php?id=CVE-2007-4927
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-20: Improper Input Validation
CVE-2007-4928
https://notcve.org/view.php?id=CVE-2007-4928
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
• http://airscanner.com/security/07080701_axis.htm
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• CWE-310: Cryptographic Issues