CVE-2007-4930
AXIS 207W Network Camera - Cross-Site Request Forgery via Admin Endpoints
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2007-4930. PoCs published by Seth Fogie.
AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Axis Communications 207W Network Camera, including XSS, CSRF, and DoS. It includes a specific endpoint to reboot the camera, demonstrating a DoS vector.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.
Exploits (3)
The provided text describes multiple vulnerabilities in Axis Communications 207W Network Camera, including XSS, CSRF, and DoS. It includes a specific endpoint to reboot the camera, demonstrating a DoS vector.
This exploit demonstrates a CSRF vulnerability in Axis Communications 207W Network Camera, allowing an attacker to add a new administrator account via a crafted HTTP request. The PoC includes a direct URL to trigger the vulnerability without authentication.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Axis Communications 207W Network Camera's web interface. It leverages an iframe injection to potentially compromise the device or add a backdoor.