VYPR
Low severity3.8NVD Advisory· Published Nov 26, 2024· Updated Jun 17, 2026

CVE-2024-8160

CVE-2024-8160

Description

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected products

2
  • Axis/AXIS OSllm-fuzzy
  • Axis Communications AB/AXIS OSv5
    Range: 10.9.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.