SECURITYVULNS:DOC:18096
Oct 01, 2007

Owning Big Brother: How to Crack into Axis IP cameras

The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting both older firmware and the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):

System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design!
Non-persistent Cross-site Scripting (XSS) on 404 error pages
Persistent Cross-site Scripting (XSS) on the network settings page
Persistent Cross-site Scripting (XSS) on the video viewing page
Persistent Cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php