9 matches found
CVE-2024-47261
The CVE-2024-47261 entry describes a vulnerability in Axis OS devices where the VAPIX API endpoint uploadoverlayimage.cgi lacks sufficient input validation. This allows an attacker to upload files that can block access to create image overlays in the device’s web interface. Affected product scope...
CVE-2024-8160
Summary (CVE-2024-8160): The vulnerability affects AXIS OS versions prior to the patched release. The flaw resides in the VAPIX API’s ftptest.cgi due to insufficient input validation, enabling a possible command injection that could allow transferring files to/from the Axis device. Exp...
CVE-2024-0055
The CVE-2024-0055 entry concerns AXIS OS where the VAPIX endpoints mediaclip.cgi and playclip.cgi are vulnerable to file globbing, enabling a resource-exhaustion (DoS) condition. Affected software is AXIS OS; the issue is fixed in patched AXIS OS versions as per Axis advisory. Connected sources c...
CVE-2023-5800
CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...
CVE-2023-21418
AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...
CVE-2023-21417
CVE-2023-21417 affects AXIS OS via the VAPIX API endpoint manageoverlayimage.cgi, where path traversal can lead to file/folder deletion. Exploitation requires an operator- or administrator-privileged service account, with impact higher on administrator privileges and non-system files; operator ac...
CVE-2023-21416
Axis OS devices are affected by CVE-2023-21416 due to a vulnerability in the VAPIX API endpoint dynamicoverlay.cgi. The flaw enables a denial of service that can block access to the overlay configuration page in the web interface. Exploitation requires an operator- or ad...
CVE-2023-5553
CVE-2023-5553 affects Axis OS Secure Boot protection. The underlying issue is an AXIS OS tampering-protection bypass: a sophisticated attack can bypass the device’s tamper protection. Public detail indicates affected AXIS OS ranges include versions 10.8–11.6 (per external summaries), wit...
CVE-2023-21415
CVE-2023-21415 concerns AXIS OS: the VAPIX API endpoint overlay_del.cgi is vulnerable to a path traversal that allows deleting arbitrary files. Exploitation requires authentication with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions to address...