CVE-2003-0240

Axis Network Camera < 2.32 - Unauthenticated Configuration Modification via Double Slash Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0240. PoCs published by Juliano Rizzo.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Axis Communications products by accessing the administrative interface via a specially crafted URL. The vulnerability allows remote users to bypass authentication and access sensitive configuration settings.

Description

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Juliano Rizzo · textremotehardware

https://www.exploit-db.com/exploits/22626

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Axis Communications products by accessing the administrative interface via a specially crafted URL. The vulnerability allows remote users to bypass authentication and access sensitive configuration settings.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Axis Communications products (various versions)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK