Vulnerability Details : CVE-2004-2426
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2004-2426
Probability of exploitation activity in the next 30 days: 1.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-2426
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2004-2426
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17079
- http://www.securityfocus.com/bid/11011
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
Patch;Vendor Advisory
-
http://securitytracker.com/id?1011056
Exploit;Patch
Products affected by CVE-2004-2426
- cpe:2.3:h:axis:storpoint_cd:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2130_ptz_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.15:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.2:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.10:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:1.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2400_video_server:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:1.0_1:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:1.15:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2401_video_server:3.13:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2460_network_dvr:3.10:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2460_network_dvr:3.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:250s_video_server:3.03:*:*:*:*:*:*:*
- cpe:2.3:h:axis:250s_video_server:3.10:*:*:*:*:*:*:*
- cpe:2.3:h:axis:230_mpeg2_video_server:3.11:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2411_video_server:3.12:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2411_video_server:3.13:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_video_server:2.32:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2420_video_server:2.34:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:*
- cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*