AXIS OS
by Axis
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30023 | Cri | 0.59 | 9.0 | 0.01 | Jul 11, 2025 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. | ||
| CVE-2023-21413 | Cri | 0.59 | 9.1 | 0.01 | Oct 16, 2023 | GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary… | ||
| CVE-2023-21407 | Hig | 0.57 | 8.8 | 0.01 | Aug 3, 2023 | A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | ||
| CVE-2023-21409 | Hig | 0.55 | 8.4 | 0.01 | Aug 3, 2023 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | ||
| CVE-2024-47257 | Hig | 0.49 | 7.5 | 0.00 | Nov 26, 2024 | Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still… | ||
| CVE-2023-5553 | Hig | 0.49 | 7.6 | 0.00 | Nov 21, 2023 | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no… | ||
| CVE-2023-21418 | Hig | 0.46 | 7.1 | 0.01 | Nov 21, 2023 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service… | ||
| CVE-2023-21417 | Hig | 0.46 | 7.1 | 0.01 | Nov 21, 2023 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator-… | ||
| CVE-2023-21416 | Hig | 0.46 | 7.1 | 0.01 | Nov 21, 2023 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can… | ||
| CVE-2023-21414 | Hig | 0.46 | 7.1 | 0.00 | Oct 16, 2023 | NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has… | ||
| CVE-2026-0804 | Med | 0.44 | 6.7 | 0.00 | May 12, 2026 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,… | ||
| CVE-2024-6979 | Med | 0.44 | 6.8 | 0.00 | Sep 10, 2024 | Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute,… | ||
| CVE-2024-47260 | Med | 0.42 | 6.5 | 0.00 | Mar 4, 2025 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS… | ||
| CVE-2024-6509 | Med | 0.42 | 6.5 | 0.00 | Sep 10, 2024 | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to… | ||
| CVE-2024-6173 | Med | 0.42 | 6.5 | 0.00 | Sep 10, 2024 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released… | ||
| CVE-2024-0055 | Med | 0.42 | 6.5 | 0.01 | Mar 19, 2024 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please… | ||
| CVE-2024-0054 | Med | 0.42 | 6.5 | 0.01 | Mar 19, 2024 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the… | ||
| CVE-2023-21415 | Med | 0.42 | 6.5 | 0.01 | Oct 16, 2023 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service… | ||
| CVE-2024-7784 | Med | 0.40 | 6.1 | 0.00 | Sep 10, 2024 | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no… | ||
| CVE-2026-0802 | Med | 0.39 | 6.0 | 0.00 | May 12, 2026 | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and… |
- risk 0.59cvss 9.0epss 0.01
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
- risk 0.59cvss 9.1epss 0.01
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary…
- risk 0.57cvss 8.8epss 0.01
A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges.
- risk 0.55cvss 8.4epss 0.01
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application.
- risk 0.49cvss 7.5epss 0.00
Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still…
- risk 0.49cvss 7.6epss 0.00
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no…
- risk 0.46cvss 7.1epss 0.01
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service…
- risk 0.46cvss 7.1epss 0.01
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator-…
- risk 0.46cvss 7.1epss 0.01
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can…
- risk 0.46cvss 7.1epss 0.00
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has…
- risk 0.44cvss 6.7epss 0.00
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,…
- risk 0.44cvss 6.8epss 0.00
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute,…
- risk 0.42cvss 6.5epss 0.00
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS…
- risk 0.42cvss 6.5epss 0.00
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to…
- risk 0.42cvss 6.5epss 0.00
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released…
- risk 0.42cvss 6.5epss 0.01
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please…
- risk 0.42cvss 6.5epss 0.01
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the…
- risk 0.42cvss 6.5epss 0.01
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service…
- risk 0.40cvss 6.1epss 0.00
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no…
- risk 0.39cvss 6.0epss 0.00
An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and…
Page 1 of 2