High severity8.8NVD Advisory· Published May 2, 2017· Updated May 13, 2026

CVE-2015-8257

Description

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/138083/AXIS-Authenticated-Remote-Command-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/40171/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/92159nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.014
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000