CVE-2004-2425

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Published: Dec 31, 2004
Updated: Nov 9, 2025
CVE: CVE-2004-2425
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
axis / 2120_network_camera	2.31	2.31.x
axis / 2110_network_camera	2.32	2.32.x
axis / storpoint_cd	-	-
axis / 2100_network_camera	2.12	2.12.x
axis / 2400_video_server	1.15	1.15.x
axis / 2100_network_camera	2.41	2.41.x
axis / 2400_video_server	2.20	2.20.x
axis / 2411_video_server	3.13	3.13.x
axis / 2120_network_camera	2.32	2.32.x
axis / 2400_video_server	3.12	3.12.x
axis / 2110_network_camera	2.41	2.41.x
axis / 2420_network_camera	2.33	2.33.x
axis / 2420_network_camera	2.12	2.12.x
axis / 2120_network_camera	2.34	2.34.x
axis / 2100_network_camera	2.31	2.31.x
axis / 2110_network_camera	2.12	2.12.x
axis / 2420_video_server	2.34	2.34.x
axis / 2120_network_camera	2.30	2.30.x
axis / 2420_video_server	2.32	2.32.x
axis / 2130_ptz_network_camera	2.32	2.32.x
axis / 2401_video_server	1.0_1	1.0_1.x
axis / 2420_network_camera	2.30	2.30.x
axis / 2401_video_server	1.15	1.15.x
axis / 2401_video_server	3.13	3.13.x
axis / 2120_network_camera	2.12	2.12.x
axis / 2460_network_dvr	3.10	3.10.x
axis / 230_mpeg2_video_server	3.11	3.11.x
axis / 2401_video_server	2.33	2.33.x
axis / 2400_video_server	1.12	1.12.x
axis / 2100_network_camera	2.30	2.30.x
axis / 2130_ptz_network_camera	2.30	2.30.x
axis / 2420_network_camera	2.32	2.32.x
axis / 2400_video_server	2.31	2.31.x
axis / 2110_network_camera	2.34	2.34.x
axis / 2490_serial_server	2.11.3	2.11.3.x
axis / 2401_video_server	2.20	2.20.x
axis / 2400_video_server	2.30	2.30.x
axis / 2130_ptz_network_camera	2.34	2.34.x
axis / 250s_video_server	3.10	3.10.x
axis / 2120_network_camera	2.41	2.41.x
axis / 2420_network_camera	2.40	2.40.x
axis / 2490_serial_server	-	-
axis / 2401_video_server	2.34	2.34.x
axis / 2130_ptz_network_camera	2.31	2.31.x
axis / 250s_video_server	-	-
axis / 2401_video_server	2.30	2.30.x
axis / 2400_video_server	1.1	1.1.x
axis / 2401_video_server	2.31	2.31.x
axis / 2120_network_camera	2.40	2.40.x
axis / 2400_video_server	2.34	2.34.x
axis / 2130_ptz_network_camera	2.40	2.40.x
axis / 2100_network_camera	2.33	2.33.x
axis / 250s_video_server	3.03	3.03.x
axis / 2110_network_camera	2.30	2.30.x
axis / 2110_network_camera	2.31	2.31.x
axis / 2400_video_server	2.33	2.33.x
axis / 2401_video_server	3.12	3.12.x
axis / 2401_video_server	2.32	2.32.x
axis / 2420_network_camera	2.41	2.41.x
axis / 2400_video_server	1.10	1.10.x
axis / 2460_network_dvr	-	-
axis / 2400_video_server	2.32	2.32.x
axis / 2400_video_server	1.11	1.11.x
axis / 2100_network_camera	2.40	2.40.x
axis / 2100_network_camera	2.32	2.32.x
axis / 2110_network_camera	2.40	2.40.x
axis / 2400_video_server	3.11	3.11.x
axis / 2411_video_server	3.12	3.12.x
axis / 2460_network_dvr	3.11	3.11.x
axis / 2100_network_camera	2.34	2.34.x
axis / 2400_video_server	2.0	2.0.x
axis / 2400_video_server	1.2	1.2.x
axis / 2420_network_camera	2.31	2.31.x
axis / 2420_network_camera	2.34	2.34.x

Vulnerability Database

308,379

CVE-2004-2425

Deep Security Visibility Without the Complexity