Skip to main content

Axis Os CVE-2021-31988

HIGH
Improper Validation of Syntactic Correctness of Input (CWE-1286)
2021-10-05 product-security@axis.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 05, 2021 - 22:15 nvd
HIGH 8.8

DescriptionNVD

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

AnalysisAI

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1286. A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. Affected products include: Axis Axis Os, Axis Axis Os 2016, Axis Axis Os 2018, Axis Axis Os 2020.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-0324 CRITICAL
9.4 Jun 02

Privilege escalation in Axis VAPIX framework.

CVE-2025-0358 HIGH
8.8 Jun 02

Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, aut

CVE-2025-0359 HIGH
8.5 Mar 04

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Appli

CVE-2023-21415 HIGH
8.1 Oct 16

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to pa

CVE-2025-0360 HIGH
7.8 Mar 04

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Devi

CVE-2021-31987 HIGH
7.5 Oct 05

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass b

CVE-2023-21413 HIGH
7.2 Oct 16

GoSecure on behalf of Genetec Inc. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attac

CVE-2025-11142 HIGH
7.1 Feb 10

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio

CVE-2023-21418 HIGH
7.1 Nov 21

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to pat

CVE-2023-21417 HIGH
7.1 Nov 21

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerab

CVE-2023-5553 MEDIUM
6.8 Nov 21

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device t

CVE-2023-21414 MEDIUM
6.8 Oct 16

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. Rated medium seve

Share

CVE-2021-31988 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy