CVE-2007-5213

Axis 2100 Network Camera < 2.42 - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

References (6)

[Exploit] http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/480995/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25837

[Third Party Advisory, VDB Entry] http://osvdb.org/39490

[Third Party Advisory, VDB Entry] http://osvdb.org/39491

[Third Party Advisory] http://securityreason.com/securityalert/3188

Scores

EPSS 0.0075

EPSS Percentile 72.9%

Classification

CWE

CWE-352

Status draft

Affected Products (2)

axis/2100_network_camera

axis/2100_network_camera_firmware < 2.42

Timeline

Published Oct 04, 2007

Tracked Since Feb 18, 2026