CVE-2007-5213

{"id": "CVE-2007-5213", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-10-04T23:17:00.000", "references": [{"url": "http://osvdb.org/39490", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39491", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3188", "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25837", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39490", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/39491", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3188", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/480995/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25837", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en AXIS 2100 Network Camera 2.02 con firmware 2.43 y anteriores permite a atacantes remotos llevar a cabo acciones como administrador, como ha sido demostrado por (1) un cambio del servidor SMTP a trav\u00e9s del par\u00e1metro conf_SMTP_MailServer1 a ServerManager.srv y (2) un cambio del nombre de m\u00e1quina a trav\u00e9s del par\u00e1metro conf_Network_HostName en la p\u00e1gina Network."}], "lastModified": "2024-11-21T00:37:23.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7B83A6F-1996-49B7-BA76-98B83548F289"}, {"criteria": "cpe:2.3:h:axis:2100_network_camera_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "541AA285-A04A-4102-BEA7-EDC522B78A01", "versionEndIncluding": "2.42"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}