3 matches found
Axis Communications AXIS OS Improper Restriction of Names for Files and Other Resources (CVE-2024-47260)
Lasse Trind, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for thi...
CVE-2025-11142
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...
PT-2026-7228
Name of the Vulnerable Software and Affected Versions VAPIX API affected versions not specified Description The VAPIX API’s mediaclip.cgi component lacks proper input validation, potentially allowing for remote code execution. Exploitation requires authentication with an operator- or...