Think you have a false positive on this rule?

Sid 1-


SERVER-WEBAPP Axis Network Camera authorization bypass attempt


This event is generated when an attempt to bypass the authorization mechanism for the web interface on an Axis Network Attached Camera is detected.


Web Application Attack

Detailed information

This detection looks for a request containing the pattern "[unprotected page].html/[protected page].srv". This pattern is used to bypass authorization on vulnerable Axis Network Attached Cameras, allowing unauthenticated access to the protected ".srv" page.

Affected systems

- Please see the Axis affected product list for a complete list of affected systems.


Ease of attack

False positives

None Known

False negatives

None Known

Corrective action


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-10662
  • CVE-2018-10658
  • CVE-2018-10659
  • CVE-2018-10663
  • CVE-2018-10661