Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axis | 2100 Network Camera | 2.02 |
| Axis | 2100 Network Camera Firmware | <= 2.42 |
Related Weaknesses (CWE)
References
- http://osvdb.org/39490
- http://osvdb.org/39491
- http://securityreason.com/securityalert/3188
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdfExploit
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- http://www.securityfocus.com/bid/25837
- http://osvdb.org/39490
- http://osvdb.org/39491
- http://securityreason.com/securityalert/3188
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdfExploit
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- http://www.securityfocus.com/bid/25837
FAQ
What is CVE-2007-5213?
CVE-2007-5213 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstra...
How severe is CVE-2007-5213?
CVE-2007-5213 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5213?
Check the references section above for vendor advisories and patch information. Affected products include: Axis 2100 Network Camera, Axis 2100 Network Camera Firmware.