CVE-2007-4930 – Axis Communications 207W Network Camera - Web Interface '/admin/restartMessage.shtml?server' Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2007-4930
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.
• https://www.exploit-db.com/exploits/30587
• https://www.exploit-db.com/exploits/30586
• https://www.exploit-db.com/exploits/30585
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-4926
https://notcve.org/view.php?id=CVE-2007-4926
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
• http://airscanner.com/security/07080701_axis.htm
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securitytracker.com/id?1018699
• CWE-310: Cryptographic Issues
CVE-2007-4927
https://notcve.org/view.php?id=CVE-2007-4927
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-20: Improper Input Validation
CVE-2007-4928
https://notcve.org/view.php?id=CVE-2007-4928
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
• http://airscanner.com/security/07080701_axis.htm
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• CWE-310: Cryptographic Issues
CVE-2007-4929
https://notcve.org/view.php?id=CVE-2007-4929
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.
• http://airscanner.com/security/07080701_axis.htm
• http://secunia.com/advisories/26831
• http://securityreason.com/securityalert/3145
• http://www.informit.com/articles/article.aspx?p=1016102
• http://www.securityfocus.com/archive/1/479600/100/0/threaded
• http://www.securityfocus.com/bid/25678
• http://www.securitytracker.com/id?1018699
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')