6 matches found
CVE-2025-0360
CVE-2025-0360 affects Axis VAPIX Device Configuration framework; flaw could yield an incorrect privilege level for the VAPIX service account D-Bus API. Reported during a penetration test, the CVSSv3.1 vector indicates Local attacker, Low privileges required, No user interaction, with Confidential...
CVE-2024-8160
Summary (CVE-2024-8160) : The vulnerability affects Axis OS (AXIS OS) versions prior to the patched release. The flaw resides in the VAPIX API’s ftptest.cgi due to insufficient input validation, enabling a possible command injection that could allow transferring files to/from the Axis device. Exp...
CVE-2024-47259
CVE-2024-47259 affects Axis OS: VAPIX API endpoint dynamicoverlay.cgi with insufficient input validation that enables command injection, enabling potential file transfers to the Axis device and resource exhaustion. Axis has released patched AXIS OS versions; refer to Axis security advisory for de...
CVE-2024-47261
The CVE-2024-47261 entry describes a vulnerability in Axis OS devices where the VAPIX API endpoint uploadoverlayimage.cgi lacks sufficient input validation. This allows an attacker to upload files that can block access to create image overlays in the device’s web interface. Affected product scope...
CVE-2025-0361
CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. Affected component is the VAPIX Device Configuration framework (Axis OS context cited ...
CVE-2025-0359
CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...