9 matches found
CVE-2021-31986
CVE-2021-31986 affects Axis OS; root cause is improper validation of user-controlled SMTP notification parameters, leading to a heap-based buffer overflow with potential crashes and data leakage. In Axis OS, affected tracks/versions include AXIS OS Active track 10.7 and 10.8, AXIS OS 2016 LTS tra...
CVE-2023-5800
CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...
CVE-2021-31987
CVE-2021-31987 affects Axis OS (embedded OS used in Axis devices). A user-controlled parameter in the SMTP test functionality is not properly validated, enabling bypass of blocked network recipients. Public disclosures describe this alongside related issues (CVE-2021-31986, CVE-2021-31988) in Axi...
CVE-2021-31988
CVE-2021-31988 affects Axis OS SMTP test functionality and involves injecting CRLF and arbitrary SMTP headers due to insufficient validation of a user-controlled parameter. The root cause, as described in multiple sources, is lack of proper input validation in the SMTP test flow, enabling SMTP he...
CVE-2023-21418
AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...
CVE-2023-21414
CVE-2023-21414 affects Axis OS Secure Boot (device tamper protection). A flaw in the tamper protection mechanism can allow a sophisticated attacker to bypass Secure Boot. Axis has released patched AXIS OS versions and directs to the Axis security advisory for details and remediation. Connected so...
CVE-2023-21417
CVE-2023-21417 affects AXIS OS via the VAPIX API endpoint manageoverlayimage.cgi, where path traversal can lead to file/folder deletion. Exploitation requires an operator- or administrator-privileged service account, with impact higher on administrator privileges and non-system files; operator ac...
CVE-2023-21416
Axis OS devices are affected by CVE-2023-21416 due to a vulnerability in the VAPIX API endpoint dynamically overlay CGI (dynamicoverlay.cgi). The flaw enables a Denial-of-Service that can block access to the overlay configuration page in the web interface. Exploitation requires an operator- or ad...
CVE-2025-6298
CVE-2025-6298 affects Axis devices running ACAP, where improper input validation during ACAP installation can allow elevation of privileges. The issue only applies if the device is configured to permit unsigned ACAP applications and a user installs a malicious ACAP package. The CVSS 3.1 base metr...