Axis: Security Vulnerabilities
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-08-04
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
CVSS Score: 8.8 | EPSS Score: 0.174 | Published: 2017-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
CVSS Score: 6.1 | EPSS Score: 0.069 | Published: 2017-04-17
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2017-04-10
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
CVSS Score: 7.5 | EPSS Score: 0.174 | Published: 2017-04-10
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
CVSS Score: 8.8 | EPSS Score: 0.153 | Published: 2013-10-04
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
CVSS Score: 4.3 | EPSS Score: 0.021 | Published: 2013-02-12
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
CVSS Score: 9.3 | EPSS Score: 0.093 | Published: 2009-01-26
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2007-10-04
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
CVSS Score: 9.3 | EPSS Score: 0.008 | Published: 2007-10-04



Shodan ® - All rights reserved