The Axis 700 Network Scan Server includes a small web server for administration and monitoring purposes. Password protection is available for the administrator pages, but it can be easily bypassed. The Axis 700 checks the requested URL for permissions before final URL conversion, so a URL like target/nonrestricted/../restricted/ will let anyone into a restricted directory. Character substitution accomplishes the same thing, i.e. replacing any character in the URL with its %-escaped equivalent.
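
The check-ordering flaw described above, next to the corrected order, as an added example that is not Axis firmware code. The `/restricted/` prefix, the function names and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed protected prefix; the advisory does not give the device's real paths.
RESTRICTED_PREFIXES = ("/restricted/",)

def canonicalize(raw_path):
    """Decode %-escapes once, then collapse '.' and '..' segments."""
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    norm = posixpath.normpath("/" + decoded.lstrip("/"))
    if decoded.endswith("/") and norm != "/":
        norm += "/"  # keep the directory slash that normpath strips
    return norm

def needs_auth(path):
    return any(path.startswith(p) or path + "/" == p for p in RESTRICTED_PREFIXES)

def flawed_gate(raw_path, authenticated=False):
    """Order described in the advisory: check the raw URL, convert afterwards."""
    allowed = authenticated or not needs_auth(raw_path)
    return allowed, canonicalize(raw_path)  # (decision, path actually served)

def fixed_gate(raw_path, authenticated=False):
    """Convert first, then check the exact string that will be served."""
    path = canonicalize(raw_path)
    return authenticated or not needs_auth(path), path

# Constructed sample requests, usable as a regression test for the gate.
SAMPLES = [
    "/nonrestricted/index.html",
    "/restricted/admin.html",
    "/nonrestricted/../restricted/admin.html",
    "/%72estricted/admin.html",
]

def bypasses(gate, samples=SAMPLES):
    """Unauthenticated requests the gate allows although the served path is restricted."""
    found = []
    for raw in samples:
        allowed, served = gate(raw)
        if allowed and needs_auth(served):
            found.append(raw)
    return found

if __name__ == "__main__":
    print("flawed:", bypasses(flawed_gate))
    print("fixed: ", bypasses(fixed_gate))
```

The same `bypasses` check can be pointed at any access-control wrapper: a non-empty result means the decision was made on a different string than the one used to locate the resource.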