Axis Axis_os_2024
8 CVEs affecting Axis Axis_os_2024. Latest disclosed: 2025-06-02. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-0324 | Critical | 9.4 | 2025-06-02 | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. |
CVE-2025-0359 | High | 8.5 | 2025-03-04 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applicati… |
CVE-2025-0360 | High | 7.8 | 2025-03-04 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could l… |
CVE-2024-6979 | Medium | 6.8 | 2024-09-10 | Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer account… |
CVE-2025-0361 | Medium | 4.3 | 2025-04-08 | During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowe… |
CVE-2024-47261 | Medium | 4.3 | 2025-04-08 | 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an a… |
CVE-2024-8160 | Low | 3.8 | 2024-11-26 | Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a poss… |
CVE-2024-47259 | Low | 3.5 | 2025-03-04 | Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing fo… |