PT-2017-14263 · Axis · Axis 2100 Network Camera
Published: 2017-10-25 · Updated: 2017-11-14
CVE-2017-15885
CVSS v3.1
6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Axis 2100 Network Camera version 2.03
Description
The issue concerns a reflected XSS in the web administration portal. An attacker can execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to the "view/view.shtml" endpoint.
Recommendations
For Axis 2100 Network Camera version 2.03, avoid using the conf_Layout_OwnTitle parameter in the "view/view.shtml" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the web administration portal to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Axis 2100 Network Camera