Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
axis vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-21412
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
Axis License Plate Verifier
6.5
CVSSv3
CVE-2023-21405
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities ...
Axis A1001 Firmware
Axis A1210 \\(-b\\) Firmware
Axis A1601 Firmware
Axis A1610 \\(-b\\) Firmware
Axis Axis Os
8.8
CVSSv3
CVE-2023-21406
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid...
Axis A1001 Firmware
5.3
CVSSv3
CVE-2023-21404
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
Axis Axis Os
6.1
CVSSv3
CVE-2023-22984
A Vulnerability exists in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an malicious user to execute arbitrary JavaScript via URL.
Axis 207w Firmware -
8.8
CVSSv3
CVE-2022-44784
An issue exists in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the e...
Maggioli Appalti \\& Contratti 9.12.2
5.9
CVSSv3
CVE-2022-28861
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server.
Citilog Citilog 8.0
5.9
CVSSv3
CVE-2022-28860
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.
Citilog Citilog 8.0
NA
CVE-2017-20048
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This CVE has been rejected since it is out of scope in accordance to the Vulnerability Policy of Axis: https://www.axis.com/dam/public/76/fe/26/axis-vulnerability-management-policy-en-US-375421.pdf. Note...
9.8
CVSSv3
CVE-2017-20049
A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
Axis P1204 Firmware
Axis P3225 Firmware
Axis P3367 Firmware
Axis M3045 Firmware
Axis M3005 Firmware
Axis M3007 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »