Axis: Security Vulnerabilities
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-11-11
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-11-11
ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-08-12
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-08-12
An internal security assessment discovered a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-08-12
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
CVSS Score
9.0
EPSS Score
0.026
Published
2025-07-11
The communication protocol used between client and server had a flaw that could be leveraged to execute a man-in-the-middle attack.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-07-11
The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-07-11
The AXIS Camera Station Server had a flaw that allowed the normally required authentication to be bypassed.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-11
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
CVSS Score
9.4
EPSS Score
0.003
Published
2025-06-02

