Bugtraq mailing list archives
Axis Network Camera known default password vulnerability
From: Chris Gragsone <maetrics () realwarp net>
Date: Wed, 05 Dec 2001 12:03:19 -0500
Axis Network Camera known default password vulnerability by Chris Gragsone Foot Clan Date: November 17, 2001 Advisory ID: Foot-20011117 Impact of vulnerability: Default Password Exploitable: Remotely Maximum Risk: Moderate Affected Software: Axis Network Camera 2120 Axis Network Camera 2110 Axis Network Camera 2100 Axis Network Camera 200+ Axis Network Camera 200 Vulnerability Description:Axis Network Camera is an embedded system that connects a camera directly to the network. With data rates up to 25 frames a second and motion detection. It could be used as a web cam, or for security. This network camera could also be used as part of an IP-Surveillance system, critical to a site's infrastructure.
During installation of Axis Network Camera, the administrator is not prompted for the password for the root account. If the camera is left improperly configured, the attacker could connect to the device remotely and obtain administrative access, and reconfigure or interrupt the camera.
Vulnerability: Log into any Axis Network Camera via ftp, telnet, or http Default account: root Default password: pass References:http://www.axis.com/product/camera_servers/index.html http://www.axis.com/solutions/cam_vid/surveillance/index.html
Contact: http://footclan.realwarp.net Chris Gragsone (maetrics () realwarp net) Disclaimer:The contents of this advisory are copyright (c)2001 Foot Clan and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
Current thread:
- Axis Network Camera known default password vulnerability Chris Gragsone (Dec 05)
- <Possible follow-ups>
- Re: Axis Network Camera known default password vulnerability Torgeir Hansen (Dec 06)
- Re: Axis Network Camera known default password vulnerability Joacim Tullberg (Dec 06)