Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axis | 2100 Network Camera | 2.02 |
| Axis | 2100 Network Camera Firmware | <= 2.42 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38795
- http://osvdb.org/38796
- http://securityreason.com/securityalert/3188
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdfExploit
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- http://www.securityfocus.com/bid/25837
- http://osvdb.org/38795
- http://osvdb.org/38796
- http://securityreason.com/securityalert/3188
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdfExploit
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- http://www.securityfocus.com/bid/25837
FAQ
What is CVE-2007-5212?
CVE-2007-5212 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters asso...
How severe is CVE-2007-5212?
CVE-2007-5212 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5212?
Check the references section above for vendor advisories and patch information. Affected products include: Axis 2100 Network Camera, Axis 2100 Network Camera Firmware.