1. Home
  2. CVE Database
  3. CVE-2004-2427
HIGH · 10.0

CVE-2004-2427

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi,...

Vulnerability Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
Axis2100 Network Camera2.12
Axis2110 Network Camera2.12
Axis2120 Network Camera2.12
Axis2130 Ptz Network Camera2.30
Axis230 Mpeg2 Video Server3.11
Axis2400 Video Server1.1
Axis2401 Video Server1.0_1
Axis2411 Video Server3.12
Axis2420 Network Camera2.12
Axis2420 Video Server2.32
Axis2460 Network DvrAll versions
Axis2490 Serial ServerAll versions
Axis250S Video ServerAll versions
AxisStorpoint CdAll versions

References

FAQ

What is CVE-2004-2427?

CVE-2004-2427 is a vulnerability with a CVSS score of 10.0 (HIGH). Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi,...

How severe is CVE-2004-2427?

CVE-2004-2427 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-2427?

Check the references section above for vendor advisories and patch information. Affected products include: Axis 2100 Network Camera, Axis 2110 Network Camera, Axis 2120 Network Camera, Axis 2130 Ptz Network Camera, Axis 230 Mpeg2 Video Server.