Vulnerabilities > Axis > Axis OS 2022

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2023-5800 Code Injection vulnerability in Axis OS
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution.
network
low complexity
axis CWE-94
8.8
2023-11-21 CVE-2023-21416 Unspecified vulnerability in Axis OS
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device.
network
low complexity
axis
6.5
2023-11-21 CVE-2023-21417 Path Traversal vulnerability in Axis OS
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion.
network
low complexity
axis CWE-22
7.1
2023-11-21 CVE-2023-21418 Path Traversal vulnerability in Axis products
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion.
network
low complexity
axis CWE-22
7.1
2023-11-21 CVE-2023-5553 Unspecified vulnerability in Axis OS and Axis OS 2022
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection.
low complexity
axis
6.8
2023-10-16 CVE-2023-21415 Path Traversal vulnerability in Axis products
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion.
network
low complexity
axis CWE-22
8.1