CVE-2007-5212

Name of the Vulnerable Software and Affected Versions AXIS 2100 Network Camera version 2.02 with firmware before 2.43

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via parameters associated with saved settings, such as the conf SMTP MailServer1 parameter to "ServerManager.srv", or the subpage parameter to "wizard/first/wizard main first.shtml". Additionally, an attacker can exploit a CSRF vulnerability to modify saved settings.

Recommendations For AXIS 2100 Network Camera version 2.02 with firmware before 2.43, update the firmware to version 2.43 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ServerManager.srv" and "wizard/first/wizard main first.shtml" endpoints to minimize the risk of exploitation. Avoid using the conf SMTP MailServer1 and subpage parameters in the affected endpoints until the issue is resolved.