Axis Security Vulnerabilities
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.
7AI Score
0.117EPSS
Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.
6.9AI Score
0.023EPSS
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
7.1AI Score
0.015EPSS
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).
6.7AI Score
0.024EPSS
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
6.2AI Score
0.034EPSS
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidt...
6.8AI Score
0.016EPSS
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
8.1AI Score
0.052EPSS
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying fi...
7.4AI Score
0.009EPSS
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setpara...
7.1AI Score
0.015EPSS
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service ...
8AI Score
0.274EPSS
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
6.5AI Score
0.009EPSS
axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.
6.3AI Score
0.013EPSS
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
6.1AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.
5.8AI Score
0.01EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to a...
7.1AI Score
0.043EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager...
5.8AI Score
0.009EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv a...
7.1AI Score
0.016EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (...
6.1AI Score
0.025EPSS
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
8.1AI Score
0.686EPSS
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
6AI Score
0.003EPSS
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
7AI Score
0.106EPSS
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
8.8CVSS
8.7AI Score
0.001EPSS
6.1CVSS
6AI Score
0.002EPSS
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
8.8CVSS
8.7AI Score
0.014EPSS
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
7.5CVSS
7.5AI Score
0.014EPSS
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
6.1CVSS
6AI Score
0.001EPSS
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.
6.1CVSS
6.2AI Score
0.025EPSS
A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
9.8CVSS
9.5AI Score
0.003EPSS
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
7.5CVSS
8.4AI Score
0.004EPSS
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
7.5CVSS
8.3AI Score
0.006EPSS
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
9.8CVSS
9.4AI Score
0.092EPSS
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
7.5CVSS
8.5AI Score
0.004EPSS
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
7.5CVSS
8.5AI Score
0.013EPSS
An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include modu...
7.5CVSS
8.1AI Score
0.003EPSS
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include mo...
7.5CVSS
8.1AI Score
0.003EPSS
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from att...
7.5CVSS
7.4AI Score
0.002EPSS
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
6.8CVSS
7.3AI Score
0.003EPSS
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
7.5CVSS
7.7AI Score
0.004EPSS
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
8.8CVSS
8.6AI Score
0.003EPSS
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
5.3CVSS
5.2AI Score
0.001EPSS
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folde...
7.8CVSS
8.1AI Score
0.001EPSS
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
5.3CVSS
5.2AI Score
0.001EPSS
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis NetworkIntercoms when communicating over OSDP, highlighting that the OSDP message parser crashesthe pacsiod process, causing a temporary unavailability of the door-controlling functionalitiesmeaning that doors cann...
6.5CVSS
6.4AI Score
0.001EPSS
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 whencommunicating over OSDP. A heap-based buffer overflow was found in the pacsiod process whichis handling the OSDP communication allowing to write outside of the allocated buffer. Byappending invalid data to an OSDP messag...
8.8CVSS
9.1AI Score
0.001EPSS
A broken access control was found allowing for privileged escalation of the operator account to gainadministrator privileges.
8.8CVSS
8.7AI Score
0.001EPSS
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentialsthat are used in the integration interface towards 3rd party systems.
9.8CVSS
9.3AI Score
0.002EPSS
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administratorcredentials allowing the configuration of the application.
9.8CVSS
9.3AI Score
0.002EPSS
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing forarbitrary code execution.
8.8CVSS
8.7AI Score
0.002EPSS