CVE-2004-2427

Name of the Vulnerable Software and Affected Versions: Axis Network Camera versions 2.40 and earlier Axis Video Server versions 3.12 and earlier

Description: The issue allows remote attackers to obtain sensitive information via direct requests to API endpoints such as "admin/getparam.cgi", "admin/systemlog.cgi", "admin/serverreport.cgi", and "admin/paramlist.cgi". It also enables modification of system information via "setparam.cgi" and "factorydefault.cgi", or causes a denial of service (reboot) via "restart.cgi".

Recommendations: For Axis Network Camera versions 2.40 and earlier, update to a version later than 2.40 to resolve the issue. For Axis Video Server versions 3.12 and earlier, update to a version later than 3.12 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "admin/getparam.cgi", "admin/systemlog.cgi", "admin/serverreport.cgi", "admin/paramlist.cgi", "setparam.cgi", "factorydefault.cgi", and "restart.cgi", until a patch is available.