[23408] in bugtraq
Axis Network Camera known default password vulnerability
daemon@ATHENA.MIT.EDU (Chris Gragsone)
Wed Dec 5 17:43:47 2001
Message-ID: <3C0E5357.1080105@realwarp.net>
Date: Wed, 05 Dec 2001 12:03:19 -0500
From: Chris Gragsone <maetrics@realwarp.net>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Axis Network Camera known default password vulnerability
by Chris Gragsone
Foot Clan
Date: November 17, 2001
Advisory ID: Foot-20011117
Impact of vulnerability: Default Password
Exploitable: Remotely
Maximum Risk: Moderate
Affected Software:
Axis Network Camera 2120
Axis Network Camera 2110
Axis Network Camera 2100
Axis Network Camera 200+
Axis Network Camera 200
Vulnerability Description:
Axis Network Camera is an embedded system that connects a camera
directly to the network. With data rates up to 25 frames a second and
motion detection. It could be used as a web cam, or for security. This
network camera could also be used as part of an IP-Surveillance system,
critical to a site's infrastructure.
During installation of Axis Network Camera, the administrator is not
prompted for the password for the root account. If the camera is left
improperly configured, the attacker could connect to the device remotely
and obtain administrative access, and reconfigure or interrupt the camera.
Vulnerability:
Log into any Axis Network Camera via ftp, telnet, or http
Default account: root
Default password: pass
References:
http://www.axis.com/product/camera_servers/index.html
http://www.axis.com/solutions/cam_vid/surveillance/index.html
Contact:
http://footclan.realwarp.net Chris Gragsone (maetrics@realwarp.net)
Disclaimer:
The contents of this advisory are copyright (c)2001 Foot Clan and may be
distributed freely provided that no fee is charged for this distribution
and proper credit is given.
