It has been reported that the Axis Video Server does not properly secure sensitive information. Because of this, an attacker may be able to gather details about server operation and traffic that could lead to further attacks.
Axis 2400 Network Camera Webserver Message Log Disclosure
Remote / Network Access
Loss of Confidentiality
Axis Network Camera contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when getting the /support/messages on the target webserver, which will disclose the '/var/log/messages' system logfile which can contains sensitive information resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Add the two following lines in '/etc/httpd/conf/boa.conf' :
AuthPath /usr/html/support/ axadmin
AuthPath /support/ axadmin