Axis

Axis Os

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-1185

  • EPSS 0.06%
  • Veröffentlicht 12.05.2026 05:49:46
  • Zuletzt bearbeitet 12.05.2026 14:13:03

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

6.7

CVE-2026-0804

  • EPSS 0.02%
  • Veröffentlicht 12.05.2026 05:46:45
  • Zuletzt bearbeitet 12.05.2026 14:13:03

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of...

6

CVE-2026-0802

  • EPSS 0.04%
  • Veröffentlicht 12.05.2026 05:44:59
  • Zuletzt bearbeitet 12.05.2026 14:13:03

An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of un...

6.7

CVE-2026-0541

  • EPSS 0.02%
  • Veröffentlicht 12.05.2026 05:42:27
  • Zuletzt bearbeitet 12.05.2026 14:13:03

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the insta...

8.8

CVE-2025-11142

  • EPSS 0.12%
  • Veröffentlicht 10.02.2026 05:32:19
  • Zuletzt bearbeitet 28.02.2026 00:09:21

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

3.1

CVE-2025-8998

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 07:28:40
  • Zuletzt bearbeitet 15.04.2026 00:35:42

It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service accoun...

4.3

CVE-2025-9524

  • EPSS 0.08%
  • Veröffentlicht 11.11.2025 07:25:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service acco...

6.7

CVE-2025-8108

  • EPSS 0.02%
  • Veröffentlicht 11.11.2025 07:10:31
  • Zuletzt bearbeitet 24.11.2025 17:56:23

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP...

6.7

CVE-2025-6779

  • EPSS 0.01%
  • Veröffentlicht 11.11.2025 07:05:51
  • Zuletzt bearbeitet 24.11.2025 17:54:55

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACA...

6

CVE-2025-6571

  • EPSS 0.01%
  • Veröffentlicht 11.11.2025 07:03:19
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.