PT-2024-38846

Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis...

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden AXIS. A security vulnerability exists in AXIS OS versions 6.50 through 11.11. An attacker exploited the vulnerability to cause the device to run out of resources...

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

PT-2024-15331 · Axis · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX API ledlimit.cgi is vulnerable to path traversal attacks, allowing attackers to list folder and file names on the local file system of the Axis device. This issue was discovered b...

PT-2024-38017 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A broken access control issue has been discovered, allowing less-privileged operator- and/or viewer accounts to have more privileges than designed. The risk of exploitation is very low, as ...

AXIS OS Security Vulnerability

AXIS Os is an edge device operating system from Axis Sweden AXIS. A security vulnerability exists in AXIS OS versions 5.51 through 11.9, which stems from an O3C feature that could expose sensitive traffic between the client and the server...

AXIS OS Security Vulnerability

AXIS Os is an edge device operating system from AXIS of Sweden. A security vulnerability exists in AXIS OS versions 10.12 through 11.8, which stems from the vulnerability of the VAPIX APIs mediaclip.cgi and playclip.cgi to a file globbing attack that can lead to resource exhaustion...

CVE-2023-5800

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...

PT-2024-14833 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX API create overlay.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a perpetrator to trigger a service failure.

The vulnerability of the APIX application programming interface for the AXIS OS operating system is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.

The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

AXIS OS Path Traversal Vulnerability

AXIS Os is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from the VAPIX API irissetup.cgi being susceptible to a path traversal attack that allows file deletion...

AXIS OS Security Vulnerability

AXIS Os is an edge device operating system from Swedish company Axis AXIS. A security vulnerability exists in AXIS OS versions 10.8 through 11.6, which stems from the vulnerability to bypassing protection for sophisticated attacks...

AXIS OS Security Vulnerability

AXIS Os is an edge device operating system from the Swedish company Axis. AXIS OS suffers from a security vulnerability that stems from the VAPIX API dynamicoverlay.cgi being susceptible to a denial of service attack, which could allow an attacker to block access to the overlay configuration page...

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering commonly known as Secure Boot contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AX...

CVE-2023-21413

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

Axis OS 安全漏洞

Axis Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in Axis devices AXIS OS version 5.51 and later versions, which stems from a failure to properly validate user control parameters related to the SMTP test function...