Skip to main content

Axis Os 2022

8 CVEs product

Monthly

CVE-2024-47261 MEDIUM This Month

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022 Axis Os 2024
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8160 LOW Monitor

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Axis Os Axis Os 2022 Axis Os 2024
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2024-0055 MEDIUM This Month

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Axis Os Axis Os 2022
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5553 MEDIUM This Month

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2022
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-21418 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2018 Axis Os 2020 Axis Os 2022
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-21417 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2020 Axis Os 2022
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-21416 MEDIUM This Month

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-21415 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2016 Axis Os 2018 Axis Os 2020 +1
NVD
CVSS 3.1
8.1
EPSS
0.6%
EPSS 0% CVSS 4.3
MEDIUM This Month

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022 +1
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Axis Os Axis Os 2022 +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Axis Os Axis Os 2022
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2022
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2018 +2
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2020 +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2016 +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy