Vulnerabilities in Axis Communications AB
78 results

CVE-2024-6979 | MEDIUM | EPSS 0.3%
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- an

CVE-2023-21404 | MEDIUM | EPSS 0.3%
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used i

CVE-2023-21406 | HIGH | EPSS 0.3%
Heap-based buffer overflow in Axis A1001 Network Door Controller's OSDP communication

CVE-2025-12757 | MEDIUM | EPSS 0.3%
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.

CVE-2023-21405 | MEDIUM | EPSS 0.3%
Denial-of-Service vulnerability in Axis Network Door Controller's and Axis Network Intercom's OSDP communication

CVE-2025-0361 | MEDIUM | EPSS 0.3%
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration fr

CVE-2025-5452 | MEDIUM | EPSS 0.3%
A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to pot

CVE-2024-7784 | MEDIUM | EPSS 0.2%
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly k

CVE-2023-21414 | HIGH | EPSS 0.2%
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (

CVE-2025-13064 | MEDIUM | EPSS 0.2%
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by

CVE-2026-1185 | MEDIUM | EPSS 0.2%
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privile

CVE-2024-7696 | MEDIUM | EPSS 0.2%
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tam

CVE-2025-9524 | MEDIUM | EPSS 0.2%
The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerabilit

CVE-2025-0358 | HIGH | EPSS 0.2%
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration fra

CVE-2024-0066 | MEDIUM | EPSS 0.2%
Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Ax

CVE-2025-8998 | LOW | EPSS 0.2%
It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. Thi

CVE-2025-1056 | MEDIUM | EPSS 0.2%
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A n

CVE-2025-0926 | MEDIUM | EPSS 0.2%
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files

CVE-2025-12063 | MEDIUM | EPSS 0.2%
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permiss

CVE-2025-30025 | MEDIUM | EPSS 0.2%
The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalatio