https://www.exploit-db.com/exploits/19784
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-084

AxisStorPointCD存在漏洞。远程攻击者借助..(点点)攻击可以在未经认证情况下访问管理员URL。

source: http://www.securityfocus.com/bid/1025/info

Axis StorPoint CD and Axis StorPoint CD/T are CD ROM servers (actual hardware units)sold by Axis Communications. Both of these appliances support remote management 
via SNMP MIB-II and private enterprise MIB as well as from the web via a system-supplied webserver. In regards to the web based administration, users can completely bypass authentication (username and password) by using a specified URL. The actual login page is located at:

http://server/config/html/cnf_gi.htm

However, by using:

http://server/cd/../config/html/cnf_gi.htm

A user side steps the login page and gains administrative access to the appliance.

http://server/cd/../config/html/cnf_gi.htm

来源:BUGTRAQ
名称:20000229Infosec.20000229.axisstorpointcd.a
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:1025
链接:http://www.securityfocus.com/bid/1025
来源:OSVDB
名称:19
链接:http://www.osvdb.org/19