6 matches found
PT-2024-39240 · Axis · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The VAPIX API managedoverlayimages.cgi is vulnerable to a race condition attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axi...
CVE-2023-5677
Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged...
PT-2023-7489 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: The VAPIX API irissetup.cgi is vulnerable to path traversal attacks, allowing for file deletion. This issue can only be exploited after authenticating with an operator- or...
CVE-2020-1874
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause...
Improper access control
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause...
CVE-2020-1874
NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause...