Known Vulnerabilities for products from Axis
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Axis".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Axis can be found at device.report: Axis
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-22984 | ** UNSUPPORTED WHEN ASSIGNED ** A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerab... | 6.1 - MEDIUM | 2023-02-21 | 2023-11-07 |
| CVE-2023-21418 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.1 - HIGH | 2023-11-21 | 2023-11-28 |
| CVE-2023-21417 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.1 - HIGH | 2023-11-21 | 2023-11-28 |
| CVE-2023-21416 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-11-21 | 2023-11-28 |
| CVE-2023-21415 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path tr... | 8.1 - HIGH | 2023-10-16 | 2023-10-19 |
| CVE-2023-21414 | NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for dev... | 6.8 - MEDIUM | 2023-10-16 | 2023-10-20 |
| CVE-2023-21413 | GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP a... | 7.2 - HIGH | 2023-10-16 | 2023-10-20 |
| CVE-2023-21412 | User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injection... | 8.8 - HIGH | 2023-08-03 | 2023-08-07 |
| CVE-2023-21411 | User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary c... | 8.8 - HIGH | 2023-08-03 | 2023-08-07 |
| CVE-2023-21410 | User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code e... | 8.8 - HIGH | 2023-08-03 | 2023-08-07 |
| CVE-2023-21409 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing... | 9.8 - CRITICAL | 2023-08-03 | 2023-08-07 |
| CVE-2023-21408 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in ... | 9.8 - CRITICAL | 2023-08-03 | 2023-08-07 |
| CVE-2023-21407 | A broken access control was found allowing for privileged escalation of the operator account to gain administrator privilege... | 8.8 - HIGH | 2023-08-03 | 2023-08-07 |
| CVE-2023-21406 | Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer... | 8.8 - HIGH | 2023-07-25 | 2023-08-02 |
| CVE-2023-21405 | Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating ov... | 6.5 - MEDIUM | 2023-07-25 | 2023-08-02 |
| CVE-2023-21404 | AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA ke... | 5.3 - MEDIUM | 2023-05-08 | 2023-05-15 |
| CVE-2023-5553 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.8 - MEDIUM | 2023-11-21 | 2023-12-04 |
| CVE-2022-28861 | The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1... | 5.9 - MEDIUM | 2022-07-21 | 2023-07-28 |
| CVE-2022-28860 | An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the serv... | 5.9 - MEDIUM | 2022-07-21 | 2023-08-08 |
| CVE-2022-23410 | AXIS IP Utility prior to 4.17.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking... | 7.8 - HIGH | 2022-02-14 | 2022-05-11 |
Known software with vulnerabilities from Axis
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Axis | 207w Camera | - |
| Hardware | Axis | 207w Network Camera | - |
| Hardware | Axis | 207 Network Camera | - |
| Hardware | Axis | 2100 Network Camera | - |
| Hardware | Axis | 2110 Network Camera | - |
| Hardware | Axis | 2120 Network Camera | - |
| Hardware | Axis | 2130 Ptz Network Camera | - |
| Hardware | Axis | 230 Mpeg2 Video Server | - |
| Hardware | Axis | 2400 Video Server | - |
| Hardware | Axis | 2401 Video Server | - |
| Hardware | Axis | 2411 Video Server | - |
| Hardware | Axis | 2420-ir Network Camera | - |
| Hardware | Axis | 2420 Network Camera | - |
| Hardware | Axis | 2420 Video Server | - |
| Hardware | Axis | 2460 Network Dvr | - |
| Hardware | Axis | 2490 Serial Server | - |
| Hardware | Axis | 250s Mpeg2 Video Server | - |
| Hardware | Axis | 250s Video Server | - |
| Hardware | Axis | 700 Network Document Server | - |
| Application | Axis | Camera Management | - |