CVE-2004-2426
First published: Fri Dec 31 2004(Updated: )
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axis 2120 Network Camera | =2.31 | |
| Axis 2110 Network Camera | =2.32 | |
| Axis StorPoint CD | ||
| Axis 2100 Network Camera Firmware | =2.12 | |
| AXIS Video Server | =1.15 | |
| Axis 2100 Network Camera Firmware | =2.41 | |
| AXIS Video Server | =2.20 | |
| AXIS Video Server | =3.13 | |
| Axis 2120 Network Camera | =2.32 | |
| AXIS Video Server | =3.12 | |
| Axis 2110 Network Camera | =2.41 | |
| AXIS 2420-IR Network Camera | =2.33 | |
| AXIS 2420-IR Network Camera | =2.12 | |
| Axis 2120 Network Camera | =2.34 | |
| Axis 2100 Network Camera Firmware | =2.31 | |
| Axis 2110 Network Camera | =2.12 | |
| AXIS Video Server | =2.34 | |
| Axis 2120 Network Camera | =2.30 | |
| AXIS Video Server | =2.32 | |
| Axis PTZ Camera | =2.32 | |
| AXIS Video Server | =1.0_1 | |
| AXIS 2420-IR Network Camera | =2.30 | |
| AXIS Video Server | =1.15 | |
| AXIS Video Server | =3.13 | |
| Axis 2120 Network Camera | =2.12 | |
| Axis 2460 Network DVR | =3.10 | |
| Axis 230 MPEG-2 Video Server | =3.11 | |
| AXIS Video Server | =2.33 | |
| AXIS Video Server | =1.12 | |
| Axis 2100 Network Camera Firmware | =2.30 | |
| Axis PTZ Camera | =2.30 | |
| AXIS 2420-IR Network Camera | =2.32 | |
| AXIS Video Server | =2.31 | |
| Axis 2110 Network Camera | =2.34 | |
| Axis 2490 Serial Server | =2.11.3 | |
| AXIS Video Server | =2.20 | |
| AXIS Video Server | =2.30 | |
| Axis PTZ Camera | =2.34 | |
| AXIS Video Server | =3.10 | |
| Axis 2120 Network Camera | =2.41 | |
| AXIS 2420-IR Network Camera | =2.40 | |
| Axis 2490 Serial Server | ||
| AXIS Video Server | =2.34 | |
| Axis PTZ Camera | =2.31 | |
| AXIS Video Server | ||
| AXIS Video Server | =2.30 | |
| AXIS Video Server | =1.1 | |
| AXIS Video Server | =2.31 | |
| Axis 2120 Network Camera | =2.40 | |
| AXIS Video Server | =2.34 | |
| Axis PTZ Camera | =2.40 | |
| Axis 2100 Network Camera Firmware | =2.33 | |
| AXIS Video Server | =3.03 | |
| Axis 2110 Network Camera | =2.30 | |
| Axis 2110 Network Camera | =2.31 | |
| AXIS Video Server | =2.33 | |
| AXIS Video Server | =3.12 | |
| AXIS Video Server | =2.32 | |
| AXIS 2420-IR Network Camera | =2.41 | |
| AXIS Video Server | =1.10 | |
| Axis 2460 Network DVR | ||
| AXIS Video Server | =2.32 | |
| AXIS Video Server | =1.11 | |
| Axis 2100 Network Camera Firmware | =2.40 | |
| Axis 2100 Network Camera Firmware | =2.32 | |
| Axis 2110 Network Camera | =2.40 | |
| AXIS Video Server | =3.11 | |
| AXIS Video Server | =3.12 | |
| Axis 2460 Network DVR | =3.11 | |
| Axis 2100 Network Camera Firmware | =2.34 | |
| AXIS Video Server | =2.0 | |
| AXIS Video Server | =1.2 | |
| AXIS 2420-IR Network Camera | =2.31 | |
| AXIS 2420-IR Network Camera | =2.34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
- http://www.securityfocus.com/bid/11011
- http://www.osvdb.org/9122
- http://securitytracker.com/id?1011056
- http://secunia.com/advisories/12353
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17079
Frequently Asked Questions
What is the severity of CVE-2004-2426?
CVE-2004-2426 is classified as a medium severity vulnerability that allows remote attackers to bypass authentication.
How do I fix CVE-2004-2426?
To mitigate CVE-2004-2426, users should update their Axis Network Camera or Video Server to versions that are not affected, specifically versions released after 2.40 and 3.12.
What are the affected software versions for CVE-2004-2426?
CVE-2004-2426 affects Axis Network Camera versions 2.40 and earlier, and Video Server versions 3.12 and earlier.
Can CVE-2004-2426 lead to further attacks?
Yes, once the authentication is bypassed due to CVE-2004-2426, attackers can modify files and conduct additional malicious activities.
Is there a workaround for CVE-2004-2426?
A temporary workaround for CVE-2004-2426 is to restrict access to the affected devices from untrusted networks until a firmware update can be applied.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/axis
- product/2120 network camera
- canonical/axis 2120 network camera
- product/2110 network camera
- canonical/axis 2110 network camera
- product/storpoint cd
- canonical/axis storpoint cd
- product/2100 network camera
- canonical/axis 2100 network camera
- product/2400 video server
- canonical/axis 2400 video server
- product/2411 video server
- canonical/axis 2411 video server
- product/2420 network camera
- canonical/axis 2420 network camera
- product/2420 video server
- canonical/axis 2420 video server
- product/2130 ptz network camera
- canonical/axis 2130 ptz network camera
- product/2401 video server
- canonical/axis 2401 video server
- product/2460 network dvr
- canonical/axis 2460 network dvr
- product/230 mpeg2 video server
- canonical/axis 230 mpeg2 video server
- product/2490 serial server
- canonical/axis 2490 serial server
- product/250s video server
- canonical/axis 250s video server
- agent/software-canonical-lookup-request
- collector/nvd-index
- version/axis 2120 network camera/2.31
- version/axis 2110 network camera/2.32
- canonical/axis 2100 network camera firmware
- version/axis 2100 network camera firmware/2.12
- canonical/axis video server
- version/axis video server/1.15
- version/axis 2100 network camera firmware/2.41
- version/axis video server/2.20
- version/axis video server/3.13
- version/axis 2120 network camera/2.32
- version/axis video server/3.12
- version/axis 2110 network camera/2.41
- canonical/axis 2420-ir network camera
- version/axis 2420-ir network camera/2.33
- version/axis 2420-ir network camera/2.12
- version/axis 2120 network camera/2.34
- version/axis 2100 network camera firmware/2.31
- version/axis 2110 network camera/2.12
- version/axis video server/2.34
- version/axis 2120 network camera/2.30
- version/axis video server/2.32
- canonical/axis ptz camera
- version/axis ptz camera/2.32
- version/axis video server/1.0_1
- version/axis 2420-ir network camera/2.30
- version/axis 2120 network camera/2.12
- version/axis 2460 network dvr/3.10
- canonical/axis 230 mpeg-2 video server
- version/axis 230 mpeg-2 video server/3.11
- version/axis video server/2.33
- version/axis video server/1.12
- version/axis 2100 network camera firmware/2.30
- version/axis ptz camera/2.30
- version/axis 2420-ir network camera/2.32
- version/axis video server/2.31
- version/axis 2110 network camera/2.34
- version/axis 2490 serial server/2.11.3
- version/axis video server/2.30
- version/axis ptz camera/2.34
- version/axis video server/3.10
- version/axis 2120 network camera/2.41
- version/axis 2420-ir network camera/2.40
- version/axis ptz camera/2.31
- version/axis video server/1.1
- version/axis 2120 network camera/2.40
- version/axis ptz camera/2.40
- version/axis 2100 network camera firmware/2.33
- version/axis video server/3.03
- version/axis 2110 network camera/2.30
- version/axis 2110 network camera/2.31
- version/axis 2420-ir network camera/2.41
- version/axis video server/1.10
- version/axis video server/1.11
- version/axis 2100 network camera firmware/2.40
- version/axis 2100 network camera firmware/2.32
- version/axis 2110 network camera/2.40
- version/axis video server/3.11
- version/axis 2460 network dvr/3.11
- version/axis 2100 network camera firmware/2.34
- version/axis video server/2.0
- version/axis video server/1.2
- version/axis 2420-ir network camera/2.31
- version/axis 2420-ir network camera/2.34