CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Ax...

PT-2025-9625

Name of the Vulnerable Software and Affected Versions AXIS OS affected versions not specified Description The VAPIX API dynamicoverlay.cgi endpoint did not have sufficient input validation, allowing for a possible command injection. This could lead to transferring files to the Axis device,...

CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...

PT-2023-7488 · Axis · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX API dynamicoverlay.cgi is vulnerable to a Denial-of-Service attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axis device...