The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
Name | Vendor | Start Version | End Version |
---|---|---|---|
2100_network_camera | Axis | * | 2.32 (including) |
2110_network_camera | Axis | * | 2.32 (including) |
2120_network_camera | Axis | * | 2.32 (including) |
2130_ptz_network_camera | Axis | * | 2.32 (including) |
2400_video_server | Axis | * | 2.32 (including) |
2401_video_server | Axis | * | 2.32 (including) |
2420_network_camera | Axis | * | 2.32 (including) |
2460_network_dvr | Axis | * | 3.00 (including) |
250s_video_server | Axis | * | 3.02 (including) |