Filtered by vendor Axis
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2024-11-08 | 4.0 MEDIUM | 6.8 MEDIUM |
| User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
| CVE-2018-9157 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2024-08-05 | 7.6 HIGH | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. | |||||
| CVE-2018-9156 | 1 Axis | 2 P1354, P1354 Firmware | 2024-08-05 | 7.6 HIGH | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality. | |||||
| CVE-2023-22984 | 1 Axis | 2 207w, 207w Firmware | 2024-08-02 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. | |||||
| CVE-2023-21407 | 1 Axis | 1 License Plate Verifier | 2024-02-05 | N/A | 8.8 HIGH |
| A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | |||||
| CVE-2023-21408 | 1 Axis | 1 License Plate Verifier | 2024-02-05 | N/A | 9.8 CRITICAL |
| Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | |||||
| CVE-2023-21409 | 1 Axis | 1 License Plate Verifier | 2024-02-05 | N/A | 9.8 CRITICAL |
| Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | |||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-02-04 | N/A | 5.9 MEDIUM |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | |||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-02-04 | N/A | 5.9 MEDIUM |
| An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | |||||
| CVE-2017-20049 | 1 Axis | 12 M3005, M3005 Firmware, M3007 and 9 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. | |||||
| CVE-2018-9158 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end. | |||||
| CVE-2018-10659 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | |||||
| CVE-2018-10661 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | |||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | |||||
| CVE-2018-10662 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | |||||
| CVE-2018-10664 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | |||||
| CVE-2018-10658 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | |||||
| CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | |||||
| CVE-2017-12413 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | |||||
| CVE-2017-15885 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. | |||||