Axis: Security Vulnerabilities
A vulnerability was discovered in the Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via a URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-02-21
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-07-21
The server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to see FTP credentials in cleartext HTTP traffic. These can be used for FTP access to the server.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-07-21
A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-15
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory, which could allow for remote code execution if a compromised DLL were placed in the same folder.
CVSS Score
7.8
EPSS Score
0.007
Published
2022-02-14
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
CVSS Score
6.8
EPSS Score
0.006
Published
2021-10-05
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to bypass blocked network recipients.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-10-05
A user-controlled parameter related to SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-10-05
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-08-25
A memory corruption issue was discovered in multiple models of Axis IP Cameras, which causes a denial of service (crash). The crash arises from code inside the libdbus-send.so shared object or similar.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-26