Filtered by vendor Axis
Subscribe
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22984 | 1 Axis | 2 207w, 207w Firmware | 2023-03-03 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. | |||||
| CVE-2017-20049 | 1 Axis | 12 M3005, M3005 Firmware, M3007 and 9 more | 2022-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. | |||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2022-07-29 | N/A | 5.9 MEDIUM |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | |||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2022-07-29 | N/A | 5.9 MEDIUM |
| An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | |||||
| CVE-2021-31987 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2022-07-12 | 5.1 MEDIUM | 7.5 HIGH |
| A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. | |||||
| CVE-2021-31988 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email. | |||||
| CVE-2022-23410 | 1 Axis | 1 Ip Utility | 2022-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. | |||||
| CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2021-10-13 | 4.0 MEDIUM | 6.8 MEDIUM |
| User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2021-09-01 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2018-10661 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | |||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | |||||
| CVE-2018-10662 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | |||||
| CVE-2007-5214 | 1 Axis | 1 2100 Network Camera | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. | |||||
| CVE-2007-5213 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | |||||
| CVE-2007-5212 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. | |||||
| CVE-2007-4930 | 1 Axis | 1 207w Network Camera | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml. | |||||
| CVE-2007-4929 | 1 Axis | 1 207w Network Camera | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors. | |||||
| CVE-2007-4928 | 1 Axis | 1 207w Network Camera | 2018-10-15 | 4.9 MEDIUM | N/A |
| The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information. | |||||
| CVE-2007-4927 | 1 Axis | 1 207w Network Camera | 2018-10-15 | 3.5 LOW | N/A |
| axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action. | |||||
| CVE-2007-4926 | 1 Axis | 1 207w Camera | 2018-10-15 | 9.3 HIGH | N/A |
| The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | |||||