Vulnerability Description
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axis | 2100 Network Camera | <= 2.32 |
| Axis | 2110 Network Camera | <= 2.32 |
| Axis | 2120 Network Camera | <= 2.32 |
| Axis | 2130 Ptz Network Camera | <= 2.32 |
| Axis | 2400 Video Server | <= 2.32 |
| Axis | 2401 Video Server | <= 2.32 |
| Axis | 2420 Network Camera | <= 2.32 |
| Axis | 2460 Network Dvr | <= 3.00 |
| Axis | 250S Video Server | <= 3.02 |
References
- http://marc.info/?l=bugtraq&m=105406374731579&w=2
- http://secunia.com/advisories/8876
- http://securitytracker.com/id?1006854
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://www.kb.cert.org/vuls/id/799060US Government Resource
- http://www.osvdb.org/4804
- http://www.securityfocus.com/bid/7652
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12104
- http://marc.info/?l=bugtraq&m=105406374731579&w=2
- http://secunia.com/advisories/8876
- http://securitytracker.com/id?1006854
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://www.kb.cert.org/vuls/id/799060US Government Resource
- http://www.osvdb.org/4804
- http://www.securityfocus.com/bid/7652
FAQ
What is CVE-2003-0240?
CVE-2003-0240 is a vulnerability with a CVSS score of 10.0 (HIGH). The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.s...
How severe is CVE-2003-0240?
CVE-2003-0240 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0240?
Check the references section above for vendor advisories and patch information. Affected products include: Axis 2100 Network Camera, Axis 2110 Network Camera, Axis 2120 Network Camera, Axis 2130 Ptz Network Camera, Axis 2400 Video Server.