[NEWS] Axis Network Camera Default Password Vulnerability

From: support@securiteam.com
Date: 12/08/01


From: support@securiteam.com
To: list@securiteam.com
Date: Sat,  8 Dec 2001 17:44:46 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Axis Network Camera Default Password Vulnerability
------------------------------------------------------------------------

SUMMARY

The <http://www.axis.com/product/camera_servers/index.html > Axis Network
Camera is installed by default with a widely-known default username and
password that allows an attacker to gain privileged access to the embedded
product. This would allow him to use the product as proxy, or as an
attacking station to hide his own address (through the product's telnet
and ftp programs).

DETAILS

Vulnerable systems:
Axis Network Camera 2120
Axis Network Camera 2110
Axis Network Camera 2100
Axis Network Camera 200+
Axis Network Camera 200

Axis Network Camera is an embedded system that connects a camera directly
to the network. With data rates up to 25 frames a second and motion
detection. It could be used as a web cam, or for security. This network
camera could also be used as part of an IP-Surveillance system, critical
to a site's infrastructure.

During installation of Axis Network Camera, the administrator is not
prompted for the password for the root account. If the camera is left
improperly configured, the attacker could connect to the device remotely
and obtain administrative access, and reconfigure or interrupt the camera.

Vulnerability:
Log into any Axis Network Camera via ftp, telnet, or http
Default account: root
Default password: pass

ADDITIONAL INFORMATION

The information has been provided by <mailto:maetrics@realwarp.net> Chris
Gragsone.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [UNIX] Multiple Security Issues in Geeklog (XSS, SQL Inject)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... the vulnerabilities would allow a remote attacker to ... SQL Injection: ...
    (Securiteam)
  • [UNIX] Command execution in phprojekt
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... So an attacker could go to ... And the script at http://hacker/nasty/scripts/access_form.inc.php would ...
    (Securiteam)
  • [UNIX] Mailman Email Archive Cross Site Scripting Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Mailman is the GNU mailing list ... an attacker to trick a user into thinking something the attacker wrote ...
    (Securiteam)