Vulnerability Details : CVE-2004-2425
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Products affected by CVE-2004-2425
- cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
- cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
- cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2425
5.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-2425
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17076
-
http://www.securityfocus.com/bid/11011
Patch
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
Patch;Vendor Advisory
-
http://securitytracker.com/id?1011056
Exploit;Patch
Jump to