Title: Axis Embedded Device Authentication Buffer Overflow Vulnerability
Severity: HIGH
Description:
Axis Network Cameras, Video Servers, and Network Digital Video Recorders contain a modified version of the Boa web server running on embedded Linux.
There is an unchecked buffer in the authentication code for the modified Boa web server. Successful exploitation of this vulnerability may lead to a denial of service or execution of arbitrary code. Since this issue exists in the authentication code, it may be possible for an attacker to exploit this vulnerability without being logged in.
This vulnerability only exists in this modified version of Boa and not the official Boa distribution version.
Affected Products:
- Axis Communications 2100 Network Camera 2.33.0
- Axis Communications 2130 PTZ Network Camera 2.32.0
- Axis Communications 2400 Video Server 1.12.0
- Axis Communications 2420 Network Camera 2.33.0
- Axis Communications MPEG-2 Video Server 0.0.0250S
- Axis Communications Network Camera 0.0.02100
- Axis Communications Network Camera 0.0.02110
- Axis Communications Network Camera 0.0.02120
- Axis Communications Network DVR 0.0.02460
- Axis Communications Serial Server 0.0.02490
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
