|
2301
|
8.8 |
HIGH
Adjacent
|
axis
|
a1001_firmware
|
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when
communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which
is handling the OSDP commu…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-21406
|
2024-11-8 18:15 |
2023-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2302
|
5.3 |
MEDIUM
Network
axis
|
axis_os
|
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to comp…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2023-21404
|
2024-11-8 18:15 |
2023-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2303
|
8.8 |
HIGH
Network
|
axis
|
m3024-lve_firmware
m3025-ve_firmware
m7014_firmware
m7016_firmware
p1214-e_firmware
p7214_firmware
p7216_firmware
q7401_firmware
q7404_firmware
q7414_firmware
q7424-r_mk…
|
Brandon
Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi
did not have a sufficient input validation allowing for a possible remote code
execution. This flaw can only be explo…
|
CWE-94
Code Injection
|
CVE-2023-5677
|
2024-11-8 18:15 |
2024-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2304
|
7.8 |
HIGH
Local
|
axis
|
ip_utility
|
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working director…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2022-23410
|
2024-11-8 18:15 |
2022-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2305
|
8.8 |
HIGH
Network
|
axis
|
axis_os_2020
axis_os_2018
axis_os_2016
axis_os
|
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary S…
|
CWE-74
Injection
|
CVE-2021-31988
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2306
|
7.5 |
HIGH
Network
|
axis
|
axis_os_2020
axis_os_2018
axis_os_2016
axis_os
|
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
|
NVD-CWE-Other
|
CVE-2021-31987
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2307
|
7.1 |
HIGH
Network
|
axis
|
axis_os_2018
axis_os
axis_os_2022
axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploi…
|
CWE-22
Path Traversal
|
CVE-2023-21418
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2308
|
7.1 |
HIGH
Network
|
axis
|
axis_os
axis_os_2022
axis_os_2020
|
Sandro Poppi, member of the AXIS OS Bug Bounty Program,
has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw c…
|
CWE-22
Path Traversal
|
CVE-2023-21417
|
2024-11-8 18:15 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2309
|
6.5 |
MEDIUM
Adjacent
|
axis
|
a1001_firmware
a1210_\(-b\)_firmware
a1601_firmware
a1610_\(-b\)_firmware
axis_os
|
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod proc…
|
NVD-CWE-noinfo
|
CVE-2023-21405
|
2024-11-8 18:15 |
2023-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2310
|
6.8 |
MEDIUM
Network
|
axis
|
axis_os_2020
axis_os_2018
axis_os_2016
axis_os
|
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-31986
|
2024-11-8 18:15 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
