Vulnerabilidades em Axis Communications AB
78 resultadosCVE-2023-21413CRITICALRemote code execution vulnerability during the installation of ACAP applications on the Axis deviceEPSS 1.2%CVE-2025-6779MEDIUMAn ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This EPSS 1.0%CVE-2021-31988—A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and EPSS 0.9%CVE-2021-31987—A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipEPSS 0.9%CVE-2021-31986—User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crasheEPSS 0.8%CVE-2023-21411HIGHNon-sanitized user input could lead to arbitrary code execution during Access Control configuration in AXIS License Plate VerifierEPSS 0.7%CVE-2023-21410HIGHNon-sanitized user input could lead to arbitrary code execution in AXIS License Plate VerifierEPSS 0.7%CVE-2023-5800MEDIUMInsufficient input validation in VAPIX API create_overlay.cgiEPSS 0.7%CVE-2023-21418HIGHSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks EPSS 0.7%CVE-2023-21417HIGHSandro Poppi, member of the AXIS OS Bug Bounty Program,
has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversaEPSS 0.7%CVE-2023-21416HIGHSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-ServicEPSS 0.7%CVE-2024-8160LOWErik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation EPSS 0.6%CVE-2024-0055MEDIUMSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for fileEPSS 0.6%CVE-2025-30026MEDIUMThe AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.EPSS 0.6%CVE-2023-21415MEDIUMSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacksEPSS 0.6%CVE-2024-0054MEDIUMSandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi wEPSS 0.6%CVE-2023-21409HIGHInsufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAPEPSS 0.6%CVE-2023-21408HIGHInsufficient file permissions leak user credentials of 3rd party integration interfaces in AXIS License Verifier ACAPEPSS 0.6%CVE-2023-5677MEDIUMBrandon
Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi
did not have a sufficient input EPSS 0.6%CVE-2023-21407HIGHPrivilege escalation in AXIS License Plate Verifier ACAPEPSS 0.6%