Vulnerabilities in Axis Communications AB
78 results

CVE-2024-47259 | LOW | Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input val | EPSS 0.5%
CVE-2025-30023 | CRITICAL | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execu | EPSS 0.5%
CVE-2025-11142 | HIGH | The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can onl | EPSS 0.5%
CVE-2024-47257 | HIGH | Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device | EPSS 0.5%
CVE-2023-21412 | HIGH | Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier | EPSS 0.5%
CVE-2024-8772 | MEDIUM | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition | EPSS 0.4%
CVE-2021-31989 | — | A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump | EPSS 0.4%
CVE-2026-0802 | MEDIUM | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalat | EPSS 0.4%
CVE-2024-6173 | MEDIUM | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allow | EPSS 0.4%
CVE-2024-6509 | MEDIUM | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which cou | EPSS 0.4%
CVE-2024-0067 | MEDIUM | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks all | EPSS 0.4%
CVE-2022-23410 | — | AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe w | EPSS 0.4%
CVE-2024-47260 | MEDIUM | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation all | EPSS 0.4%
CVE-2025-30024 | MEDIUM | The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | EPSS 0.3%
CVE-2025-0324 | CRITICAL | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | EPSS 0.3%
CVE-2024-47262 | MEDIUM | Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition atta | EPSS 0.3%
CVE-2023-5553 | HIGH | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly k | EPSS 0.3%
CVE-2025-0325 | MEDIUM | A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to | EPSS 0.3%
CVE-2025-5718 | MEDIUM | The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Ax | EPSS 0.3%
CVE-2024-47261 | MEDIUM | 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input valid | EPSS 0.3%