Vendor: Video Server
By: SecurityFocus
CVSS: 8.8 (HIGH)
Type: Command Injection
CWE: 78
Product Name: Video Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-0231
CPE: h:axis:video_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

Command Injection Vulnerability in Axis Video Server

It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can result in a denial of service, or potentially command execution.

Mitigation:

Upgrade to the latest version of the Axis Video Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6987/info

It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution. 

http://www.example.com/axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=[bad input]

http://www.example.com/axis-cgi/buffer/command.cgi?whatever paramsbuffername=[relative path to directory]format=[relative path to arbitrary file name]
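
A log check a defender could run for requests matching the pattern above, added here as an example and not part of the original advisory or any Axis tooling. It assumes combined-format web or proxy access logs and that legitimate `buffername` and `format` values never contain path syntax; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/axis-cgi/buffer/command.cgi"   # script path from the advisory
WATCHED = ("buffername", "format")          # parameters named in the advisory
# Assumption: legitimate values are short plain tokens with no path syntax.
PATHY = re.compile(r"\.\.|[/\\]|\x00")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return {param: decoded value} for watched params carrying path syntax."""
    parts = urlsplit(target)
    if fully_decode(parts.path).lower() != ENDPOINT:
        return {}
    hits = {}
    # parse_qsl decodes each value once; fully_decode handles nested encoding.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        if name.lower() in WATCHED and PATHY.search(value):
            hits[name.lower()] = value
    return hits

def scan(lines):
    """Yield (line_number, hits) for each log line that should be reviewed."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            yield number, hits

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=jpg HTTP/1.0" 200 12',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /axis-cgi/buffer/command.cgi?do=start&buffername=..%2F..%2Ftmp&format=%252e%252e%252fx HTTP/1.0" 200 12',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /jpg/quad.jpg HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: review {hits}")
```

A hit means the request carried path syntax in a watched parameter, not that the device was vulnerable or that a file was written; confirm against the device's firmware version and filesystem.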