CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5213

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile32.57th
PublishedOct 4, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

Affected Platforms (CPE)

πŸ”Œ
Axis

2100 Network Camera

= 2.02
πŸ”Œ
Axis

2100 Network Camera Firmware

<= 2.42

References & Advisories

πŸ”— http://osvdb.org/39490
πŸ”— http://osvdb.org/39491
πŸ”— http://securityreason.com/securityalert/3188
πŸ”— http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
πŸ”— http://www.securityfocus.com/archive/1/480995/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/25837
πŸ”— http://osvdb.org/39490
πŸ”— http://osvdb.org/39491

Related Vulnerabilities

CVE-2001-15437.5

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attacker...

CVE-2017-158856.1

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaSc...

CVE-2004-03345.0

InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, ...

CVE-2007-52124.3

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote at...