Axis

Axis Os 2022

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-47261

  • EPSS 0.3%
  • Veröffentlicht 08.04.2025 05:33:58
  • Zuletzt bearbeitet 14.01.2026 14:46:03

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of th...

2.7

CVE-2024-8160

  • EPSS 0.05%
  • Veröffentlicht 26.11.2024 08:15:07
  • Zuletzt bearbeitet 22.01.2026 16:41:04

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. Thi...

5.3

CVE-2024-0066

  • EPSS 0.07%
  • Veröffentlicht 18.06.2024 06:15:10
  • Zuletzt bearbeitet 21.11.2024 08:45:49

Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXI...

6.5

CVE-2024-0055

  • EPSS 0.19%
  • Veröffentlicht 19.03.2024 07:15:08
  • Zuletzt bearbeitet 13.01.2026 15:15:14

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the...

8.8

CVE-2023-5800

  • EPSS 0.17%
  • Veröffentlicht 05.02.2024 06:15:46
  • Zuletzt bearbeitet 21.11.2024 08:42:30

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an ...

6.8

CVE-2023-5553

  • EPSS 0.03%
  • Veröffentlicht 21.11.2023 07:15:11
  • Zuletzt bearbeitet 10.06.2025 14:15:26

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To A...

7.1

CVE-2023-21417

  • EPSS 0.19%
  • Veröffentlicht 21.11.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 07:42:49

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an o...

7.1

CVE-2023-21418

  • EPSS 0.17%
  • Veröffentlicht 21.11.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 07:42:49

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or admin...

6.5

CVE-2023-21416

  • EPSS 0.12%
  • Veröffentlicht 21.11.2023 07:15:08
  • Zuletzt bearbeitet 21.11.2024 07:42:49

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of th...

8.1

CVE-2023-21415

  • EPSS 0.13%
  • Veröffentlicht 16.10.2023 07:15:08
  • Zuletzt bearbeitet 21.11.2024 07:42:49

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or admi...