CVEブラウザに戻る

CVE-2007-5213

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1930%

EPSS Percentile32.57th

Published2007年10月4日

Last Modified2026年4月23日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

Affected Platforms (CPE)

🔌

Axis

2100 Network Camera

= 2.02

🔌

Axis

2100 Network Camera Firmware

<= 2.42

References & Advisories

🔗 http://osvdb.org/39490

🔗 http://osvdb.org/39491

🔗 http://securityreason.com/securityalert/3188

🔗 http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf

🔗 http://www.securityfocus.com/archive/1/480995/100/0/threaded

🔗 http://www.securityfocus.com/bid/25837

🔗 http://osvdb.org/39490

🔗 http://osvdb.org/39491

関連する脆弱性情報

CVE-2001-15437.5

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attacker...

CVE-2017-158856.1

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaSc...

CVE-2004-03345.0

InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, ...

CVE-2007-52124.3

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote at...