Axis camera vulnerability
I was just making a comment similar to what I see every time there is a Hik/Dahua vulnerability announced.
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allow remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
I'll go first: Dahua is a 10 since it's so easy to do.
NOTE: the vendor reportedly indicates that this is an intended feature or functionality.
Sure, some only allow you to view an unauthorized feed or something much less nefarious than root access to the OS, but to me a vulnerability is a vulnerability to a great extent.
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
Your presumption that certain vulnerabilities are worse than others (a scale of 1 to 10) presumes that all exploitable vulnerabilities will result in the same impact to the system.
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
Anyone who relies on their particular brand to ensure absolutely zero vulnerabilities is foolish to do so.
On a scale of 1 - 10, please rank the above Axis vulnerability to the Dahua vulnerability from this month.
Jon, rather than a sarcastic comment, can you offer something of analytic substance to the discussion?
My concern is the disconnect between our industry and network security professionals. In that time frame, there have easily been millions of Axis cameras shipped, now at risk.
The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "