Axis Network Camera known default password vulnerability by Chris Gragsone Foot Clan Date: November 17, 2001 Advisory ID: Foot-20011117 Impact of vulnerability: Default Password Exploitable: Remotely Maximum Risk: Moderate Affected Software: Axis Network Camera 2120 Axis Network Camera 2110 Axis Network Camera 2100 Axis Network Camera 200+ Axis Network Camera 200 Vulnerability Description: Axis Network Camera is an embedded system that connects a camera directly to the network. With data rates up to 25 frames a second and motion detection. It could be used as a web cam, or for security. This network camera could also be used as part of an IP-Surveillance system, critical to a site's infrastructure. During installation of Axis Network Camera, the administrator is not prompted for the password for the root account. If the camera is left improperly configured, the attacker could connect to the device remotely and obtain administrative access, and reconfigure or interrupt the camera. Vulnerability: Log into any Axis Network Camera via ftp, telnet, or http Default account: root Default password: pass References: http://www.axis.com/product/camera_servers/index.html http://www.axis.com/solutions/cam_vid/surveillance/index.html Contact: http://footclan.realwarp.net Chris Gragsone (maetrics@realwarp.net) Disclaimer: The contents of this advisory are copyright (c)2001 Foot Clan and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
