CVE-2007-5213

Exploit

EPSS 0.75%
Published 04.10.2007 23:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Axis ≫ 2100 Network Camera Version2.02

Axis ≫ 2100 Network Camera Firmware Version <= 2.42

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.708

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://securityreason.com/securityalert/3188

http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf

Exploit

http://www.securityfocus.com/archive/1/480995/100/0/threaded

http://www.securityfocus.com/bid/25837

http://osvdb.org/39490

http://osvdb.org/39491

https://nvd.nist.gov/vuln/detail/CVE-2007-5213

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5213

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5213

EUVD