Vulnerability in Axis Axis_os
CVE-2024-47261
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web inte…
EPSS: 0.003 (24.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Axis Axis_os
- Axis Axis_os_2022
- Axis Axis_os_2024
- Axis Communications Ab Os — versions 10.12.0, 11.0.0, 12.0.0
Weakness classification (CWE)
References
- product-security@axis.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-47261?
- CVE-2024-47261 is a medium-severity vulnerability in Axis Axis_os, classified under CWE-1287. CVSS score: 4.3/10. Published 2025-04-08.
- How severe is CVE-2024-47261?
- Medium severity. CVSS v3 base score is 4.3 out of 10.