CVE-2024-47260

CVSS 6.5 MEDIUM | EPSS 0.4% | CWE-641

In short

The VAPIX API in Axis devices allows uploading more audio clips than intended due to weak input validation, causing the device to run out of memory and potentially stop working.

Technical detail

Insufficient input validation in the mediaclip.cgi endpoint of the VAPIX API lets an attacker with network access to the endpoint exceed the designed storage limits by uploading excessive audio clips, leading to memory exhaustion and denial of service on the Axis device. The CVSS vector for this issue lists low privileges required (PR:L).

Summary generated and translated by AI from the official description.
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for uploading more audio clips than designed, resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
