Latest YouTube Video

Thursday, March 16, 2017

[FD] Axis Camera Multiple Vulnerabilities

Introduction ============ Vulnerabilities were identified in the camera software by Axis. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that further vulnerabilities exist. Affected Software And Versions ============================== Model P1204, software versions <= 5.50.4 Model P3225, software versions <= 6.30.1 Model P3367, software versions <= 6.10.1.2 Model M3045, software versions <= 6.15.4.1 Model M3005, software versions <= 5.50.5.7 Model M3007, software versions <= 6.30.1.1 CVE === No CVEs have been assigned to these vulnerabilities. Vulnerability Overview ====================== 1. Axis01: No cross-site request forgery protections 2. Axis02: Bypass manual checks for XSS 3. Axis03: Web services run as root 4. Axis04: Script editor function allows for arbitrary write as root on successful CSRF attack 5. Axis05: root setuid .CGI scripts and binaries present 6. Axis06: Inability to disable the http interface Vulnerability Details =====================

Source: Gmail -> IFTTT-> Blogger

No comments: