
CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

A vulnerability was discovered in the Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via a URL.
• https://d0ub1e-d.github.io/2022/12/30/exploit-db-1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 4% • CPEs: 1 • EXPL: 4

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.
• https://www.exploit-db.com/exploits/30587 https://www.exploit-db.com/exploits/30586 https://www.exploit-db.com/exploits/30585 http://airscanner.com/security/07080701_axis.htm http://secunia.com/advisories/26831 http://securityreason.com/securityalert/3145 http://www.informit.com/articles/article.aspx?p=1016102 http://www.securityfocus.com/archive/1/479600/100/0/threaded http://www.securityfocus.com/bid/25678 http://www.securitytracker.com/id?1018699
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
• http://airscanner.com/security/07080701_axis.htm http://securityreason.com/securityalert/3145 http://www.informit.com/articles/article.aspx?p=1016102 http://www.securityfocus.com/archive/1/479600/100/0/threaded http://www.securitytracker.com/id?1018699
• CWE-310: Cryptographic Issues

CVSS: 3.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.
• http://airscanner.com/security/07080701_axis.htm http://secunia.com/advisories/26831 http://securityreason.com/securityalert/3145 http://www.informit.com/articles/article.aspx?p=1016102 http://www.securityfocus.com/archive/1/479600/100/0/threaded http://www.securityfocus.com/bid/25678 http://www.securitytracker.com/id?1018699
• CWE-20: Improper Input Validation

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
• http://airscanner.com/security/07080701_axis.htm http://securityreason.com/securityalert/3145 http://www.informit.com/articles/article.aspx?p=1016102 http://www.securityfocus.com/archive/1/479600/100/0/threaded
• CWE-310: Cryptographic Issues