177 matches found
CVE-2023-21415
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...
CVE-2023-21414
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering commonly known as Secure Boot contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AX...
CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
CVE-2023-21413
The CVE-2023-21413 vulnerability affects Axis OS on Axis devices, where the ACAP application installation process is vulnerable to command injection in the application handling service. This enables remote code execution (RCE) if an attacker can leverage the installation flow. Public risk scores ...
CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
PT-2023-18185 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A flaw has been discovered in the protection for device tampering, commonly known as Secure Boot, which provides an opportunity for a sophisticated attack to bypass this protection. The iss...
PT-2023-18184 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: A flaw has been found that allows for remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was...
PT-2023-7487 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The issue is related to the VAPIX API in the AXIS OS, specifically with the overlay del.cgi endpoint, which is vulnerable to path traversal attacks. This allows an attacker, after...
AXIS OS Path Traversal Vulnerability
AXIS Os is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 10.11 through 11.5, which stems from a path traversal attack in the VAPIX APIoverlaydel.cgi that allows file deletion...
AXIS OS Command Injection Vulnerability
AXIS Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS versions 10.11 through 11.5 that originates from allowing remote code execution during installation of the ACAP application on an Axis device...
CVE-2023-21404
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...
AXIS OS 安全漏洞
AXIS Os is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 11.0.x-11.3.x, which stems from the use of static RSA keys in legacy LUA components to protect Axis-specific source code...
CVE-2023-21404
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...
CVE-2023-21404
CVE-2023-21404 affects AXIS OS 11.0.X–11.3.x, where a static RSA key is embedded in legacy LUA components to protect Axis-specific source code. The documents state this key is not used in other secure communications and cannot be used to compromise the device or customer data. No exploitation det...
Axis Device Detection Consolidation
Consolidation of Axis devices detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.170300"...
IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft
Three vulnerabilities in the IP video-surveillance systems created by Axis Communications could allow arbitrary code execution, among other attacks. That’s according to Nozomi Networks Labs, whose researchers examined the company’s Axis Companion Recorder, a compact network video recorder NVR tha...
Axis Os 缓冲区错误漏洞
Axis Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS 6.40 or later that stems from not properly validating control parameters related to SMTP notifications. This could lead to a buffer overflow and data leakage...