Vulnerabilities > Axis > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-21416 | Unspecified vulnerability in Axis OS Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. | 6.5 |
| 2023-11-21 | CVE-2023-5553 | Unspecified vulnerability in Axis OS and Axis OS 2022 During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. low complexity axis | 6.8 |
| 2023-10-16 | CVE-2023-21414 | Unspecified vulnerability in Axis OS NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. low complexity axis | 6.8 |
| 2023-07-25 | CVE-2023-21405 | Unspecified vulnerability in Axis products Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. low complexity axis | 6.5 |
| 2023-05-08 | CVE-2023-21404 | Missing Encryption of Sensitive Data vulnerability in Axis OS AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. | 5.3 |
| 2023-02-21 | CVE-2023-22984 | Cross-site Scripting vulnerability in Axis 207W Firmware A Vulnerability was discovered in Axis 207W network camera. | 6.1 |
| 2021-10-05 | CVE-2021-31986 | Out-of-bounds Write vulnerability in Axis products User controlled parameters related to SMTP notifications are not correctly validated. | 6.8 |
| 2021-08-25 | CVE-2021-31989 | Cleartext Storage of Sensitive Information vulnerability in Axis Device Manager A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. | 5.3 |
| 2017-10-25 | CVE-2017-15885 | Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.03 Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. | 6.1 |
| 2017-08-04 | CVE-2017-12413 | Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.43 AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | 6.1 |