Vulnerabilities > Axis > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-02-05 | CVE-2023-5677 | Code Injection vulnerability in Axis products | Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for possible remote code execution. | network, low complexity; axis CWE-94; 8.8 |
| 2024-02-05 | CVE-2023-5800 | Code Injection vulnerability in Axis OS | Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have sufficient input validation, allowing for possible remote code execution. | network, low complexity; axis CWE-94; 8.8 |
| 2023-11-21 | CVE-2023-21417 | Path Traversal vulnerability in Axis OS | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allow for file/folder deletion. | network, low complexity; axis CWE-22; 7.1 |
| 2023-11-21 | CVE-2023-21418 | Path Traversal vulnerability in Axis products | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allow for file deletion. | network, low complexity; axis CWE-22; 7.1 |
| 2023-10-16 | CVE-2023-21413 | Command Injection vulnerability in Axis OS | GoSecure on behalf of Genetec Inc. | network, low complexity; axis CWE-77; 7.2 |
| 2023-10-16 | CVE-2023-21415 | Path Traversal vulnerability in Axis products | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allow for file deletion. | network, low complexity; axis CWE-22; 8.1 |
| 2023-08-03 | CVE-2023-21407 | Unspecified vulnerability in Axis License Plate Verifier 2.8.3 | A broken access control was found, allowing for privilege escalation of the operator account to gain administrator privileges. | network, low complexity; axis; 8.8 |
| 2023-08-03 | CVE-2023-21410 | Unspecified vulnerability in Axis License Plate Verifier 2.8.3 | User-provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi”, allowing for arbitrary code execution. | network, low complexity; axis; 8.8 |
| 2023-08-03 | CVE-2023-21411 | Unspecified vulnerability in Axis License Plate Verifier 2.8.3 | User-provided input is not sanitized in the “Settings > Access Control” configuration interface, allowing for arbitrary code execution. | network, low complexity; axis; 8.8 |
| 2023-08-03 | CVE-2023-21412 | SQL Injection vulnerability in Axis License Plate Verifier 2.8.3 | User-provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi”, allowing for SQL injections. | network, low complexity; axis CWE-89; 8.8 |