返回 CVE 浏览器

CVE-2007-5212

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0430%

EPSS Percentile35.82th

Published2007年10月4日

Last Modified2026年4月23日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

Affected Platforms (CPE)

🔌

Axis

2100 Network Camera

= 2.02

🔌

Axis

2100 Network Camera Firmware

<= 2.42

References & Advisories

🔗 http://osvdb.org/38795

🔗 http://osvdb.org/38796

🔗 http://securityreason.com/securityalert/3188

🔗 http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf

🔗 http://www.securityfocus.com/archive/1/480995/100/0/threaded

🔗 http://www.securityfocus.com/bid/25837

🔗 http://osvdb.org/38795

🔗 http://osvdb.org/38796

相关漏洞威胁

CVE-2007-52139.3

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier all...

CVE-2001-15437.5

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attacker...

CVE-2017-158856.1

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaSc...

CVE-2004-03345.0

InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, ...