164 matches found
CVE-2024-0054
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
CVE-2024-0054
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs locallist.cgi, createoverlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
PT-2024-15328 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX APIs, specifically the "mediaclip.cgi" and "playclip.cgi" endpoints, were found to be vulnerable to file globbing, which could lead to a resource exhaustion attack. This iss...
AXIS OS RCE Vulnerability (Feb 2024)
AXIS OS is prone to a remote code execution RCE vulnerability on severaldevices. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
AXIS OS RCE Vulnerability (Feb 2024)
AXIS OS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if...
Axis Communications Multiple Products Remote Code Execution (CVE-2023-5677)
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...
CVE-2023-5800
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
CVE-2023-5677
Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...
Input validation
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
Input validation
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impac...
CVE-2023-5800
CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...
CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
CVE-2023-5800 Insufficient input validation in VAPIX API create_overlay.cgi
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
CVE-2023-5677
Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...
CVE-2023-5677
CVE-2023-5677 concerns an input validation weakness in Axis’s VAPIX API tcptest.cgi that allows remote code execution after authentication with an operator- or administrator-privileged service account. Affected: Axis AXIS OS and related products (e.g., Axis OS/Webcam contexts referenced in connec...
CVE-2023-5677
Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...
AXIS OS Code Injection Vulnerability
AXIS Os is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 6.50 through 11.7 that stems from the VAPIX API createoverlay.cgi not having sufficient input validation, allowing for possible remote code execution...
AXIS M3024 Code Injection Vulnerability
AXIS M3024 is a webcam from Axis Sweden. The AXIS M3024 suffers from a code injection vulnerability that stems from the VAPIX API tcptest.cgi not having sufficient input validation, allowing remote code execution...
PT-2024-14825 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions affected versions not specified Description: The VAPIX API tcptest.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an...
CVE-2023-21417
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service...