CVE-2007-5213

Name of the Vulnerable Software and Affected Versions AXIS 2100 Network Camera versions 2.02 with firmware 2.43 and earlier

Description The issue allows remote attackers to perform actions as administrators due to multiple cross-site request forgery (CSRF) vulnerabilities. This can be demonstrated by changing the SMTP server through the conf SMTP MailServer1 parameter to ServerManager.srv or by changing the hostname through the conf Network HostName parameter on the Network page.

Recommendations For AXIS 2100 Network Camera versions 2.02 with firmware 2.43 and earlier, consider disabling access to the ServerManager.srv and the Network page until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to the conf SMTP MailServer1 and conf Network HostName parameters to minimize the risk of unauthorized changes.