How do I fix CVE-2004-2425?

To fix CVE-2004-2425, users should upgrade to the latest version of Axis Network Cameras or Video Servers that have patched this vulnerability.

Which Axis products are affected by CVE-2004-2425?

CVE-2004-2425 affects Axis Network Cameras versions 2.40 and earlier, and Video Servers versions 3.12 and earlier.

What type of attack is possible with CVE-2004-2425?

CVE-2004-2425 allows attackers to conduct remote command injection attacks via specially crafted query strings sent to virtualinput.cgi.

Is there a workaround for CVE-2004-2425 if I can't upgrade?

A potential workaround for CVE-2004-2425 is to restrict access to the affected devices through firewalls or network segmentation until an upgrade can be performed.

Vulnerability/
CVE-2004-2425

high

7.5

CWE

NVD-CWE-Other

31/12/2004

18/8/2005

8/8/2024

CVE-2004-2425

First published: Fri Dec 31 2004(Updated: )

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
AXIS 2100 Network Camera	=2.12
AXIS 2100 Network Camera	=2.30
AXIS 2100 Network Camera	=2.31
AXIS 2100 Network Camera	=2.32
AXIS 2100 Network Camera	=2.33
AXIS 2100 Network Camera	=2.34
AXIS 2100 Network Camera	=2.40
AXIS 2100 Network Camera	=2.41
Axis 2110 Network Camera	=2.12
Axis 2110 Network Camera	=2.30
Axis 2110 Network Camera	=2.31
Axis 2110 Network Camera	=2.32
Axis 2110 Network Camera	=2.34
Axis 2110 Network Camera	=2.40
Axis 2110 Network Camera	=2.41
Axis 2120 Network Camera	=2.12
Axis 2120 Network Camera	=2.30
Axis 2120 Network Camera	=2.31
Axis 2120 Network Camera	=2.32
Axis 2120 Network Camera	=2.34
Axis 2120 Network Camera	=2.40
Axis 2120 Network Camera	=2.41
AXIS 2130 PTZ Network Camera	=2.30
AXIS 2130 PTZ Network Camera	=2.31
AXIS 2130 PTZ Network Camera	=2.32
AXIS 2130 PTZ Network Camera	=2.34
AXIS 2130 PTZ Network Camera	=2.40
Axis 230 MPEG-2 Video Server	=3.11
AXIS 2400 Video Server	=1.1
AXIS 2400 Video Server	=1.2
AXIS 2400 Video Server	=1.10
AXIS 2400 Video Server	=1.11
AXIS 2400 Video Server	=1.12
AXIS 2400 Video Server	=1.15
AXIS 2400 Video Server	=2.0
AXIS 2400 Video Server	=2.20
AXIS 2400 Video Server	=2.30
AXIS 2400 Video Server	=2.31
AXIS 2400 Video Server	=2.32
AXIS 2400 Video Server	=2.33
AXIS 2400 Video Server	=2.34
AXIS 2400 Video Server	=3.11
AXIS 2400 Video Server	=3.12
Axis 2401 Video Server	=1.0_1
Axis 2401 Video Server	=1.15
Axis 2401 Video Server	=2.20
Axis 2401 Video Server	=2.30
Axis 2401 Video Server	=2.31
Axis 2401 Video Server	=2.32
Axis 2401 Video Server	=2.33
Axis 2401 Video Server	=2.34
Axis 2401 Video Server	=3.12
Axis 2401 Video Server	=3.13
AXIS 2411 Video Server	=3.12
AXIS 2411 Video Server	=3.13
AXIS 2420-IR Network Camera	=2.12
AXIS 2420-IR Network Camera	=2.30
AXIS 2420-IR Network Camera	=2.31
AXIS 2420-IR Network Camera	=2.32
AXIS 2420-IR Network Camera	=2.33
AXIS 2420-IR Network Camera	=2.34
AXIS 2420-IR Network Camera	=2.40
AXIS 2420-IR Network Camera	=2.41
Axis 2420 Video Server	=2.32
Axis 2420 Video Server	=2.34
Axis 2460 Network DVR
Axis 2460 Network DVR	=3.10
Axis 2460 Network DVR	=3.11
Axis 2490 serial Server
Axis 2490 serial Server	=2.11.3
Axis 250s Video Server
Axis 250s Video Server	=3.03
Axis 250s Video Server	=3.10
Axis StorPoint CD

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-2425?
CVE-2004-2425 is considered a critical vulnerability that allows remote attackers to execute arbitrary commands on affected Axis Network Cameras and Video Servers.
How do I fix CVE-2004-2425?
To fix CVE-2004-2425, users should upgrade to the latest version of Axis Network Cameras or Video Servers that have patched this vulnerability.
Which Axis products are affected by CVE-2004-2425?
CVE-2004-2425 affects Axis Network Cameras versions 2.40 and earlier, and Video Servers versions 3.12 and earlier.
What type of attack is possible with CVE-2004-2425?
CVE-2004-2425 allows attackers to conduct remote command injection attacks via specially crafted query strings sent to virtualinput.cgi.
Is there a workaround for CVE-2004-2425 if I can't upgrade?
A potential workaround for CVE-2004-2425 is to restrict access to the affected devices through firewalls or network segmentation until an upgrade can be performed.

agent/type
agent/first-publish-date
agent/remedy
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/references
agent/severity
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/axis
canonical/axis 2100 network camera
version/axis 2100 network camera/2.12
version/axis 2100 network camera/2.30
version/axis 2100 network camera/2.31
version/axis 2100 network camera/2.32
version/axis 2100 network camera/2.33
version/axis 2100 network camera/2.34
version/axis 2100 network camera/2.40
version/axis 2100 network camera/2.41
canonical/axis 2110 network camera
version/axis 2110 network camera/2.12
version/axis 2110 network camera/2.30
version/axis 2110 network camera/2.31
version/axis 2110 network camera/2.32
version/axis 2110 network camera/2.34
version/axis 2110 network camera/2.40
version/axis 2110 network camera/2.41
canonical/axis 2120 network camera
version/axis 2120 network camera/2.12
version/axis 2120 network camera/2.30
version/axis 2120 network camera/2.31
version/axis 2120 network camera/2.32
version/axis 2120 network camera/2.34
version/axis 2120 network camera/2.40
version/axis 2120 network camera/2.41
canonical/axis 2130 ptz network camera
version/axis 2130 ptz network camera/2.30
version/axis 2130 ptz network camera/2.31
version/axis 2130 ptz network camera/2.32
version/axis 2130 ptz network camera/2.34
version/axis 2130 ptz network camera/2.40
canonical/axis 230 mpeg-2 video server
version/axis 230 mpeg-2 video server/3.11
canonical/axis 2400 video server
version/axis 2400 video server/1.1
version/axis 2400 video server/1.2
version/axis 2400 video server/1.10
version/axis 2400 video server/1.11
version/axis 2400 video server/1.12
version/axis 2400 video server/1.15
version/axis 2400 video server/2.0
version/axis 2400 video server/2.20
version/axis 2400 video server/2.30
version/axis 2400 video server/2.31
version/axis 2400 video server/2.32
version/axis 2400 video server/2.33
version/axis 2400 video server/2.34
version/axis 2400 video server/3.11
version/axis 2400 video server/3.12
canonical/axis 2401 video server
version/axis 2401 video server/1.0_1
version/axis 2401 video server/1.15
version/axis 2401 video server/2.20
version/axis 2401 video server/2.30
version/axis 2401 video server/2.31
version/axis 2401 video server/2.32
version/axis 2401 video server/2.33
version/axis 2401 video server/2.34
version/axis 2401 video server/3.12
version/axis 2401 video server/3.13
canonical/axis 2411 video server
version/axis 2411 video server/3.12
version/axis 2411 video server/3.13
canonical/axis 2420-ir network camera
version/axis 2420-ir network camera/2.12
version/axis 2420-ir network camera/2.30
version/axis 2420-ir network camera/2.31
version/axis 2420-ir network camera/2.32
version/axis 2420-ir network camera/2.33
version/axis 2420-ir network camera/2.34
version/axis 2420-ir network camera/2.40
version/axis 2420-ir network camera/2.41
canonical/axis 2420 video server
version/axis 2420 video server/2.32
version/axis 2420 video server/2.34
canonical/axis 2460 network dvr
version/axis 2460 network dvr/3.10
version/axis 2460 network dvr/3.11
canonical/axis 2490 serial server
version/axis 2490 serial server/2.11.3
canonical/axis 250s video server
version/axis 250s video server/3.03
version/axis 250s video server/3.10
canonical/axis storpoint cd

CVE-2004-2425

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-2425?

How do I fix CVE-2004-2425?

Which Axis products are affected by CVE-2004-2425?

What type of attack is possible with CVE-2004-2425?

Is there a workaround for CVE-2004-2425 if I can't upgrade?

Company

Resources

Contact