[NEWS] Axis Network Camera Default Password VulnerabilityFrom: firstname.lastname@example.org
- Previous message: email@example.com: "[NEWS] AudioGalaxy Username and Password Saved in Cleartext"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: firstname.lastname@example.org To: email@example.com Date: Sat, 8 Dec 2001 17:44:46 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Axis Network Camera Default Password Vulnerability
The <http://www.axis.com/product/camera_servers/index.html > Axis Network
Camera is installed by default with a widely-known default username and
password that allows an attacker to gain privileged access to the embedded
product. This would allow him to use the product as proxy, or as an
attacking station to hide his own address (through the product's telnet
and ftp programs).
Axis Network Camera 2120
Axis Network Camera 2110
Axis Network Camera 2100
Axis Network Camera 200+
Axis Network Camera 200
Axis Network Camera is an embedded system that connects a camera directly
to the network. With data rates up to 25 frames a second and motion
detection. It could be used as a web cam, or for security. This network
camera could also be used as part of an IP-Surveillance system, critical
to a site's infrastructure.
During installation of Axis Network Camera, the administrator is not
prompted for the password for the root account. If the camera is left
improperly configured, the attacker could connect to the device remotely
and obtain administrative access, and reconfigure or interrupt the camera.
Log into any Axis Network Camera via ftp, telnet, or http
Default account: root
Default password: pass
The information has been provided by <mailto:firstname.lastname@example.org> Chris
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: email@example.com
In order to subscribe to the mailing list, simply forward this email to: firstname.lastname@example.org
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.