Vulnerabilities > Axis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-5677 | Code Injection vulnerability in Axis products Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. | 8.8 |
| 2024-02-05 | CVE-2023-5800 | Code Injection vulnerability in Axis OS Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. | 8.8 |
| 2023-11-21 | CVE-2023-21416 | Unspecified vulnerability in Axis OS Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. | 6.5 |
| 2023-11-21 | CVE-2023-21417 | Path Traversal vulnerability in Axis OS Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. | 7.1 |
| 2023-11-21 | CVE-2023-21418 | Path Traversal vulnerability in Axis products Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. | 7.1 |
| 2023-11-21 | CVE-2023-5553 | Unspecified vulnerability in Axis OS and Axis OS 2022 During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. low complexity axis | 6.8 |
| 2023-10-16 | CVE-2023-21413 | Command Injection vulnerability in Axis OS GoSecure on behalf of Genetec Inc. | 7.2 |
| 2023-10-16 | CVE-2023-21414 | Unspecified vulnerability in Axis OS NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. low complexity axis | 6.8 |
| 2023-10-16 | CVE-2023-21415 | Path Traversal vulnerability in Axis products Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. | 8.1 |
| 2023-08-03 | CVE-2023-21407 | Unspecified vulnerability in Axis License Plate Verifier A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | 8.8 |