Filtered by vendor Axis
Subscribe
Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5553 | 1 Axis | 2 Axis Os, Axis Os 2022 | 2023-12-04 | N/A | 6.8 MEDIUM |
| During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-21416 | 1 Axis | 2 Axis Os, Axis Os 2022 | 2023-11-28 | N/A | 6.5 MEDIUM |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2023-08-08 | N/A | 5.9 MEDIUM |
| An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | |||||
| CVE-2023-21405 | 1 Axis | 11 A1001, A1001 Firmware, A1210 \(-b\) and 8 more | 2023-08-02 | N/A | 6.5 MEDIUM |
| Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. | |||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2023-07-28 | N/A | 5.9 MEDIUM |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | |||||
| CVE-2017-20047 | 1 Axis | 12 M3005, M3005 Firmware, M3007 and 9 more | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2021-10-13 | 4.0 MEDIUM | 6.8 MEDIUM |
| User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2021-09-01 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2017-15885 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. | |||||
| CVE-2017-12413 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2017-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | |||||
| CVE-2015-8256 | 1 Axis | 11 Cannon Network Camera, Explosion-protected Camera, Fixed Box Camera and 8 more | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | |||||