CVE-2003-0240
First published: Fri May 30 2003(Updated: )
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AXIS 2100 Network Camera | <=2.32 | |
| Axis 2110 Network Camera | <=2.32 | |
| Axis 2120 Network Camera | <=2.32 | |
| AXIS 2130 PTZ Network Camera | <=2.32 | |
| AXIS 2400 Video Server | <=2.32 | |
| Axis 2401 Video Server | <=2.32 | |
| AXIS 2420-IR Network Camera | <=2.32 | |
| Axis 2460 Network DVR | <=3.00 | |
| Axis 250s Video Server | <=3.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/799060
- http://www.securityfocus.com/bid/7652
- http://securitytracker.com/id?1006854
- http://secunia.com/advisories/8876
- http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
- http://www.osvdb.org/4804
- http://marc.info/?l=bugtraq&m=105406374731579&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12104
Frequently Asked Questions
What is the severity of CVE-2003-0240?
CVE-2003-0240 is a high-severity vulnerability that allows unauthorized remote access to configuration settings of affected Axis Network Camera products.
How do I fix CVE-2003-0240?
To mitigate CVE-2003-0240, it is recommended to update the firmware of the affected Axis Network Camera products to the latest version that addresses this vulnerability.
Which products are affected by CVE-2003-0240?
CVE-2003-0240 affects Axis 2100, 2110, 2120, 2130 PTZ Network Cameras, 2400, 2401 Video Servers, 2420-IR Network Camera, and 2460 Network DVR, among others, all with firmware versions up to 2.32.
What is the attack vector for CVE-2003-0240?
The attack vector for CVE-2003-0240 is through crafted HTTP requests that exploit the web-based administration interface of affected devices.
What is the potential impact of exploiting CVE-2003-0240?
Exploitation of CVE-2003-0240 allows an attacker to bypass security restrictions and potentially alter device configurations, leading to unauthorized access and control.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/axis
- canonical/axis 2100 network camera
- version/axis 2100 network camera/2.32
- canonical/axis 2110 network camera
- version/axis 2110 network camera/2.32
- canonical/axis 2120 network camera
- version/axis 2120 network camera/2.32
- canonical/axis 2130 ptz network camera
- version/axis 2130 ptz network camera/2.32
- canonical/axis 2400 video server
- version/axis 2400 video server/2.32
- canonical/axis 2401 video server
- version/axis 2401 video server/2.32
- canonical/axis 2420-ir network camera
- version/axis 2420-ir network camera/2.32
- canonical/axis 2460 network dvr
- version/axis 2460 network dvr/3.00
- canonical/axis 250s video server
- version/axis 250s video server/3.02