9 matches found

CVE
added 2021/10/05 9:45 p.m., 78 views

CVE-2021-31986

CVE-2021-31986 affects Axis OS; root cause is improper validation of user-controlled SMTP notification parameters, leading to a heap-based buffer overflow with potential crashes and data leakage. In Axis OS, affected tracks/versions include AXIS OS Active track 10.7 and 10.8, AXIS OS 2016 LTS tra...

CVSS 6.8 | AI score 7.3 | EPSS 0.00779
CVE
added 2024/02/05 5:20 a.m., 71 views

CVE-2023-5800

CVE-2023-5800 concerns Axis OS: the VAPIX API create_overlay.cgi lacks sufficient input validation, enabling remote code execution. Exploitation requires an operator/admin-privileged service account and network access, with impact on confidentiality, integrity, and availability listed as high. Ax...

CVSS 8.8 | AI score 7.1 | EPSS 0.00684
CVE
added 2021/10/05 9:46 p.m., 66 views

CVE-2021-31987

CVE-2021-31987 affects Axis OS (embedded OS used in Axis devices). A user-controlled parameter in the SMTP test functionality is not properly validated, enabling bypass of blocked network recipients. Public disclosures describe this alongside related issues (CVE-2021-31986, CVE-2021-31988) in Axi...

CVSS 7.5 | AI score 7.7 | EPSS 0.00865
CVE
added 2021/10/05 9:48 p.m., 59 views

CVE-2021-31988

CVE-2021-31988 affects Axis OS SMTP test functionality and involves injecting CRLF and arbitrary SMTP headers due to insufficient validation of a user-controlled parameter. The root cause, as described in multiple sources, is lack of proper input validation in the SMTP test flow, enabling SMTP he...

CVSS 8.8 | AI score 8.6 | EPSS 0.00923
CVE
added 2023/11/21 6:56 a.m., 51 views

CVE-2023-21418

AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...

CVSS 7.1 | AI score 6.9 | EPSS 0.00668
CVE
added 2023/10/16 6:18 a.m., 48 views

CVE-2023-21414

CVE-2023-21414 affects Axis OS Secure Boot (device tamper protection). A flaw in the tamper protection mechanism can allow a sophisticated attacker to bypass Secure Boot. Axis has released patched AXIS OS versions and directs to the Axis security advisory for details and remediation. Connected so...

CVSS 7.1 | AI score 6.5 | EPSS 0.00232
CVE
added 2023/11/21 6:53 a.m., 47 views

CVE-2023-21417

CVE-2023-21417 affects AXIS OS via the VAPIX API endpoint manageoverlayimage.cgi, where path traversal can lead to file/folder deletion. Exploitation requires an operator- or administrator-privileged service account, with impact higher on administrator privileges and non-system files; operator ac...

CVSS 7.1 | AI score 6.8 | EPSS 0.00668
CVE
added 2023/11/21 6:49 a.m., 44 views

CVE-2023-21416

Axis OS devices are affected by CVE-2023-21416 due to a vulnerability in the VAPIX API endpoint dynamicoverlay.cgi. The flaw enables a Denial-of-Service that can block access to the overlay configuration page in the web interface. Exploitation requires an operator- or ad...

CVSS 7.1 | AI score 6.6 | EPSS 0.00668
CVE
added 2025/11/11 6:56 a.m., 11 views

CVE-2025-6298

CVE-2025-6298 affects Axis devices running ACAP, where improper input validation during ACAP installation can allow elevation of privileges. The issue only applies if the device is configured to permit unsigned ACAP applications and a user installs a malicious ACAP package. The CVSS 3.1 base metr...

CVSS 6.7 | AI score 6.7 | EPSS 0.00122