CVE-2007-5213

Exploit

EPSS 0.75%
Veröffentlicht 04.10.2007 23:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axis ≫ 2100 Network Camera Version2.02

Axis ≫ 2100 Network Camera Firmware Version <= 2.42

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.708

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://securityreason.com/securityalert/3188

http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf

Exploit

http://www.securityfocus.com/archive/1/480995/100/0/threaded

http://www.securityfocus.com/bid/25837

http://osvdb.org/39490

http://osvdb.org/39491

https://nvd.nist.gov/vuln/detail/CVE-2007-5213

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5213

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5213

EUVD