CVE-2003-0240

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Published: Jun 9, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0240
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
axis / 2100_network_camera	-	2.32.x
axis / 2420_network_camera	-	2.32.x
axis / 2400_video_server	-	2.32.x
axis / 2460_network_dvr	-	3.00.x
axis / 2120_network_camera	-	2.32.x
axis / 2401_video_server	-	2.32.x
axis / 250s_video_server	-	3.02.x
axis / 2110_network_camera	-	2.32.x
axis / 2130_ptz_network_camera	-	2.32.x

http://marc.info/?l=bugtraq&m=105406374731579&w=2
http://secunia.com/advisories/8876
http://securitytracker.com/id?1006854
http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
http://www.kb.cert.org/vuls/id/799060
http://www.osvdb.org/4804
http://www.securityfocus.com/bid/7652
https://exchange.xforce.ibmcloud.com/vulnerabilities/12104

Vulnerability Database

290,018

CVE-2003-0240