Axis Os
CVE-2021-31986
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
AnalysisAI
User controlled parameters related to SMTP notifications are not correctly validated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-122. User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. Affected products include: Axis Axis Os, Axis Axis Os 2016, Axis Axis Os 2018, Axis Axis Os 2020.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Privilege escalation in Axis VAPIX framework.
Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, aut
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Appli
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to pa
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Devi
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass b
GoSecure on behalf of Genetec Inc. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attac
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to pat
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerab
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device t
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today