Vulnerabilities > Axis > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-21409 | Improper Handling of Exceptional Conditions vulnerability in Axis License Plate Verifier Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | 9.8 |
| 2023-08-03 | CVE-2023-21408 | Improper Handling of Exceptional Conditions vulnerability in Axis License Plate Verifier Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | 9.8 |
| 2022-06-15 | CVE-2017-20049 | Improper Privilege Management vulnerability in Axis products A vulnerability, was found in legacy Axis devices such as P3225 and M3005. | 9.8 |
| 2018-06-26 | CVE-2018-10660 | OS Command Injection vulnerability in Axis products An issue was discovered in multiple models of Axis IP Cameras. | 10.0 |
| 2018-06-26 | CVE-2018-10661 | Unspecified vulnerability in Axis products An issue was discovered in multiple models of Axis IP Cameras. | 10.0 |
| 2018-06-26 | CVE-2018-10662 | Unspecified vulnerability in Axis products An issue was discovered in multiple models of Axis IP Cameras. | 10.0 |
| 2017-05-02 | CVE-2015-8257 | Command Injection vulnerability in Axis Network Camera Firmware The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | 9.0 |
| 2009-01-26 | CVE-2008-5260 | Buffer Errors vulnerability in Axis Camera Control 2.40.0.0 Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value. | 9.3 |
| 2007-10-04 | CVE-2007-5213 | Cross-Site Request Forgery (CSRF) vulnerability in Axis 2100 Network Camera and 2100 Network Camera Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | 9.3 |
| 2007-09-18 | CVE-2007-4926 | Cryptographic Issues vulnerability in Axis 207W Camera The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | 9.3 |