V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2003-0240
CVE
CriticalConfirmedExploit available

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and …

CVSS
10.0
Critical
EPSS
0.30
p97
Published
2003-01-01
Updated
2003-01-01
Description

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Affected products
2100_network_camera ≤ 2.322110_network_camera ≤ 2.322120_network_camera ≤ 2.322130_ptz_network_camera ≤ 2.322400_video_server ≤ 2.322401_video_server ≤ 2.322420_network_camera ≤ 2.322460_network_dvr ≤ 3.00250s_video_server ≤ 3.02
CVSS vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Timeline
2003-01-01
Published
2003-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Authentication
Au: N
None (N)
Confidentiality Impact
C: C
Complete
Integrity Impact
I: C
Complete
Availability Impact
A: C
Complete
Exploit indicators
EPSS
0.295 · p97
Known exploited (KEV)
No
Known exploits — Сканер-ВС
22626
exploitdb · https://www.exploit-db.com/exploits/22626
Enterprise
Affected products
Axis
2100 Network Camera2110 Network Camera2120 Network Camera2400 Video Server2401 Video Server2420 Network Camera2130 Ptz Network Camera2460 Network Dvr250s Video Server
ProductVendorStatus
2100_network_camera*Tracked
2110_network_camera*Tracked
2120_network_camera*Tracked
2130_ptz_network_camera*Tracked
2400_video_server*Tracked
2401_video_server*Tracked
2420_network_camera*Tracked
2460_network_dvr*Tracked
250s_video_server*Tracked
Source databases
CVE