the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for "admin" is bypassed and an attacker gains direct access to the configuration.
Using this vulnerability, an attacker can reset the root password, then enable the telnet server by modifying configuration files, giving the attacker interactive access to a Unix like command line, allowing her to execute arbitrary commands as root.
*Vulnerable Packages:*
. AXIS 2100 Network Camera versions 2.32 and previous . AXIS 2110 Network Camera versions 2.32 and previous . AXIS 2120 Network Camera versions 2.32 and previous . AXIS 2130 PTZ Network Camera versions 2.32 and previous . AXIS 2400 Video Server versions 2.32 and previous . AXIS 2401 Video Server versions 2.32 and previous . AXIS 2420 Network Camera versions 2.32 and previous . AXIS 2460 Network DVR versions 3.00 and previous . AXIS 250S Video Server versions 3.02 and previous