Description
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Exploits (1)
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17076
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9121
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11011
Patch, Vendor Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1282.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12353
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0948.html
Exploit, Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011056
Scores
EPSS
0.2566
EPSS Percentile
96.3%
Details
Status
published
Products (50)
axis/2100_network_camera
2.12
axis/2100_network_camera
2.30
axis/2100_network_camera
2.31
axis/2100_network_camera
2.32
axis/2100_network_camera
2.33
axis/2100_network_camera
2.34
axis/2100_network_camera
2.40
axis/2100_network_camera
2.41
axis/2110_network_camera
2.12
axis/2110_network_camera
2.30
... and 40 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026