Axis 2400 Manual

The Axis Communications AXIS 2400 Video server (IP transmission) is one of 40 Video servers (IP transmission) from Axis Communications featured on SourceSecurity.com. AXIS 2400/01 Video Server. AXIS 2400/2401 Video Server on your network. • download user documentation and firmware updates. Penguin Quick Guides Business English Phrases Pdf. Video Servers Administration Manual. Administrators and users of the AXIS 2400+/2401+ Video Server. • download user documentation and firmware updates. Axis Network Camera HTTP Authentication BypassCore Security Technologies. Axis Network Camera HTTP Authentication Bypass. Buku Pengantar Filsafat Ilmu Pdf File. AXIS 2400 Video Server.

Axis Network Camera HTTP Authentication Bypass Core Security Technologies Advisory Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: CVE Name: Title: Axis Network Camera HTTP Authentication Bypass Class: Access Validation Error Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: - Axis Communications. Core Notification: 2003-04-10. Notification acknowledged by Axis: 2003-04-17.

2.34 Release candidate for the Axis 2400/2401 Video Servers available: 2003-04-17. Fixed versions available for all affected products: 2003-05-27 Release Mode: COORDINATED RELEASE *Vulnerability Description:* An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer. For more information see After setting up the Axis Camera, the user is provided with Web-based Administration Tools for configuring and managing the camera by accessing, which requires a username and password. We have discovered the following security vulnerability: by accessing (notice the double slash) the authentication for 'admin' is bypassed and an attacker gains direct access to the configuration. Using this vulnerability, an attacker can reset the root password, then enable the telnet server by modifying configuration files, giving the attacker interactive access to a Unix like command line, allowing her to execute arbitrary commands as root.

*Vulnerable Packages:*. AXIS 2100 Network Camera versions 2.32 and previous. AXIS 2110 Network Camera versions 2.32 and previous.

AXIS 2120 Network Camera versions 2.32 and previous. AXIS 2130 PTZ Network Camera versions 2.32 and previous. AXIS 2400 Video Server versions 2.32 and previous. AXIS 2401 Video Server versions 2.32 and previous.

AXIS 2420 Network Camera versions 2.32 and previous. AXIS 2460 Network DVR versions 3.00 and previous. AXIS 250S Video Server versions 3.02 and previous *Solution/Vendor Information/Workaround:* Axis Communications has released new firmwares closing this vulnerability in its Network Camera and Video Server products. New releases are available at: AXIS 2100 Network Camera: 2.34 AXIS 2110 Network Camera: 2.34 AXIS 2120 Network Camera: 2.34 AXIS 2130 Network Camera: 2.34 AXIS 2400 Video Server: 2.34 AXIS 2401 Video Server: 2.34 AXIS 2420 Network Camera: 2.34 AXIS 2460 Network DVR: 3.10 AXIS 250S Video Server: 3.03 Recommended Actions: We strongly recommend that all devices are updated to these firmware versions. *Credits:* This vulnerability was found by Juliano Rizzo from Core Security Technologies. We wish to thank Joacim Tullberg from Axis for his quick response to this issue. *Technical Description - Exploit/Concept Code:* We have discovered the following security vulnerability: by accessing (notice the double slash) the authentication for 'admin' is bypassed and an attacker gains direct access to the configuration.