MidnightBSD

Advisories for axis

CVE-2000-0144 HIGH

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 700_network_document_server 1.10
axis 700_network_document_server 1.12
axis 700_network_document_server 1.14
axis 700_network_document_server 1.0
axis 700_network_document_server 1.11
axis 700_network_document_server 1.13
CVE-2000-0191 HIGH

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis storpoint_cd *
CVE-2001-1543 HIGH

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 2100_network_camera *
axis neteye_200+ *
axis 2120_network_camera *
axis 2110_network_camera *
axis neteye_200 *
CVE-2003-0240 HIGH

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 2460_network_dvr *
axis 2130_ptz_network_camera *
axis 2420_network_camera *
axis 2400_video_server *
axis 2100_network_camera *
axis 250s_video_server *
axis 2401_video_server *
axis 2120_network_camera *
axis 2110_network_camera *
CVE-2003-1386 MEDIUM

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
axis 2400_video_server 2.32
axis 2401_video_server 2.31
axis 2400_video_server 2.20
axis 2401_video_server 2.20
axis 2400_video_server 2.0
axis 2400_video_server 2.31
axis 2400_video_server 2.33
axis 2401_video_server 2.32
axis 2401_video_server 2.33
CVE-2004-0789 MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dnrd dnrd 2.5
dnrd dnrd 2.1
posadis posadis 0.60.1
qbik wingate 6.0.1_build_993
dnrd dnrd 2.3
delegate delegate 7.7.0
maradns maradns 0.8.05
delegate delegate 8.9.1
delegate delegate 7.8.2
maradns maradns 0.5.29
dnrd dnrd 2.6
posadis posadis m5pre1
axis 2120_network_camera 2.41
posadis posadis 0.50.8
axis 2100_network_camera 2.01
axis 2100_network_camera 2.30
axis 2420_network_camera 2.33
delegate delegate 7.8.0
axis 2100_network_camera 2.33
axis 2100_network_camera 2.03
posadis posadis 0.50.5
delegate delegate 8.9.3
axis 2460_network_dvr 3.12
axis 2420_network_camera 2.12
maradns maradns 0.5.28
delegate delegate 8.3.4
axis 2100_network_camera 2.32
posadis posadis 0.50.4
don_moore mydns 0.8
axis 2100_network_camera 2.31
axis 2100_network_camera 2.02
delegate delegate 8.5.0
axis 2401_video_server 3.12
qbik wingate 3.0
axis 2420_network_camera 2.32
axis 2420_network_camera 2.40
axis 2110_network_camera 2.12
axis 2400_video_server 3.11
dnrd dnrd 1.4
axis 2420_network_camera 2.41
axis 2420_network_camera 2.34
delegate delegate 8.3.3
axis 2120_network_camera 2.31
dnrd dnrd 1.3
dnrd dnrd 2.8
qbik wingate 6.0
axis 2100_network_camera 2.41
axis 2120_network_camera 2.30
axis 2120_network_camera 2.40
axis 2110_network_camera 2.40
axis 2110_network_camera 2.31
dnrd dnrd 2.0
delegate delegate 8.4.0
delegate delegate 7.7.1
posadis posadis 0.50.7
posadis posadis 0.50.6
don_moore mydns 0.6
maradns maradns 0.5.30
delegate delegate 8.9.4
qbik wingate 4.0.1
dnrd dnrd 1.0
dnrd dnrd 1.2
dnrd dnrd 2.9
qbik wingate 6.0.1_build_995
dnrd dnrd 2.10
dnrd dnrd 1.1
don_moore mydns 0.7
delegate delegate 8.9.2
delegate delegate 8.9.5
posadis posadis m5pre2
axis 2400_video_server 3.12
axis 2100_network_camera 2.0
don_moore mydns 0.10.0
posadis posadis 0.50.9
axis 2110_network_camera 2.41
pliant pliant_dns_server *
posadis posadis 0.60.0
axis 2110_network_camera 2.32
axis 2120_network_camera 2.32
axis 2120_network_camera 2.34
maradns maradns 0.5.31
axis 2420_network_camera 2.31
qbik wingate 4.1_beta_a
delegate delegate 7.8.1
team_johnlong raidendnsd *
axis 2100_network_camera 2.34
dnrd dnrd 2.2
axis 2110_network_camera 2.34
dnrd dnrd 2.7
axis 2100_network_camera 2.40
delegate delegate 7.9.11
dnrd dnrd 2.4
axis 2100_network_camera 2.12
axis 2110_network_camera 2.30
don_moore mydns 0.9
delegate delegate 8.9
axis 2420_network_camera 2.30
axis 2120_network_camera 2.12
CVE-2004-2425 HIGH

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 2120_network_camera 2.31
axis 2420_video_server 2.32
axis 2400_video_server 2.32
axis 2490_serial_server 2.11.3
axis 2400_video_server 2.20
axis 2130_ptz_network_camera 2.32
axis 2400_video_server 2.31
axis 2100_network_camera 2.41
axis 2120_network_camera 2.30
axis 2120_network_camera 2.40
axis 2400_video_server 1.15
axis 2110_network_camera 2.40
axis 2401_video_server 2.34
axis 2401_video_server 3.13
axis 2110_network_camera 2.31
axis 250s_video_server *
axis 2401_video_server 2.30
axis 2490_serial_server *
axis 2460_network_dvr 3.11
axis 2460_network_dvr 3.10
axis 2420_video_server 2.34
axis 2400_video_server 1.1
axis 2401_video_server 1.0_1
axis 2120_network_camera 2.41
axis 2400_video_server 3.12
axis 2100_network_camera 2.30
axis 2400_video_server 2.34
axis 2110_network_camera 2.41
axis 2420_network_camera 2.33
axis 2100_network_camera 2.33
axis 250s_video_server 3.03
axis 2400_video_server 2.33
axis 2110_network_camera 2.32
axis 2120_network_camera 2.32
axis 2420_network_camera 2.12
axis 2120_network_camera 2.34
axis 230_mpeg2_video_server 3.11
axis 2400_video_server 1.2
axis 2100_network_camera 2.32
axis 2130_ptz_network_camera 2.30
axis 2420_network_camera 2.31
axis 2130_ptz_network_camera 2.40
axis 2401_video_server 1.15
axis 2411_video_server 3.12
axis 2401_video_server 2.33
axis 2400_video_server 1.12
axis 2100_network_camera 2.31
axis 2100_network_camera 2.34
axis 2401_video_server 2.20
axis 2400_video_server 2.0
axis 2401_video_server 3.12
axis 2411_video_server 3.13
axis 2110_network_camera 2.34
axis 2420_network_camera 2.32
axis 2460_network_dvr *
axis 2420_network_camera 2.40
axis 2100_network_camera 2.40
axis 2130_ptz_network_camera 2.31
axis 2110_network_camera 2.12
axis 2400_video_server 3.11
axis 2420_network_camera 2.41
axis storpoint_cd *
axis 2130_ptz_network_camera 2.34
axis 2100_network_camera 2.12
axis 2400_video_server 1.11
axis 2110_network_camera 2.30
axis 2420_network_camera 2.34
axis 2400_video_server 1.10
axis 2401_video_server 2.31
axis 250s_video_server 3.10
axis 2400_video_server 2.30
axis 2401_video_server 2.32
axis 2420_network_camera 2.30
axis 2120_network_camera 2.12
CVE-2004-2426 MEDIUM

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 2120_network_camera 2.31
axis 2420_video_server 2.32
axis 2400_video_server 2.32
axis 2490_serial_server 2.11.3
axis 2400_video_server 2.20
axis 2130_ptz_network_camera 2.32
axis 2400_video_server 2.31
axis 2100_network_camera 2.41
axis 2120_network_camera 2.30
axis 2120_network_camera 2.40
axis 2400_video_server 1.15
axis 2110_network_camera 2.40
axis 2401_video_server 2.34
axis 2401_video_server 3.13
axis 2110_network_camera 2.31
axis 250s_video_server *
axis 2401_video_server 2.30
axis 2490_serial_server *
axis 2460_network_dvr 3.11
axis 2460_network_dvr 3.10
axis 2420_video_server 2.34
axis 2400_video_server 1.1
axis 2401_video_server 1.0_1
axis 2120_network_camera 2.41
axis 2400_video_server 3.12
axis 2100_network_camera 2.30
axis 2400_video_server 2.34
axis 2110_network_camera 2.41
axis 2420_network_camera 2.33
axis 2100_network_camera 2.33
axis 250s_video_server 3.03
axis 2400_video_server 2.33
axis 2110_network_camera 2.32
axis 2120_network_camera 2.32
axis 2420_network_camera 2.12
axis 2120_network_camera 2.34
axis 230_mpeg2_video_server 3.11
axis 2400_video_server 1.2
axis 2100_network_camera 2.32
axis 2130_ptz_network_camera 2.30
axis 2420_network_camera 2.31
axis 2130_ptz_network_camera 2.40
axis 2401_video_server 1.15
axis 2411_video_server 3.12
axis 2401_video_server 2.33
axis 2400_video_server 1.12
axis 2100_network_camera 2.31
axis 2100_network_camera 2.34
axis 2401_video_server 2.20
axis 2400_video_server 2.0
axis 2401_video_server 3.12
axis 2411_video_server 3.13
axis 2110_network_camera 2.34
axis 2420_network_camera 2.32
axis 2460_network_dvr *
axis 2420_network_camera 2.40
axis 2100_network_camera 2.40
axis 2130_ptz_network_camera 2.31
axis 2110_network_camera 2.12
axis 2400_video_server 3.11
axis 2420_network_camera 2.41
axis storpoint_cd *
axis 2130_ptz_network_camera 2.34
axis 2100_network_camera 2.12
axis 2400_video_server 1.11
axis 2110_network_camera 2.30
axis 2420_network_camera 2.34
axis 2400_video_server 1.10
axis 2401_video_server 2.31
axis 250s_video_server 3.10
axis 2400_video_server 2.30
axis 2401_video_server 2.32
axis 2420_network_camera 2.30
axis 2120_network_camera 2.12
CVE-2004-2427 HIGH

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
axis 2120_network_camera 2.31
axis 2420_video_server 2.32
axis 2400_video_server 2.32
axis 2490_serial_server 2.11.3
axis 2400_video_server 2.20
axis 2130_ptz_network_camera 2.32
axis 2400_video_server 2.31
axis 2100_network_camera 2.41
axis 2120_network_camera 2.30
axis 2120_network_camera 2.40
axis 2400_video_server 1.15
axis 2110_network_camera 2.40
axis 2401_video_server 2.34
axis 2401_video_server 3.13
axis 2110_network_camera 2.31
axis 250s_video_server *
axis 2401_video_server 2.30
axis 2490_serial_server *
axis 2460_network_dvr 3.11
axis 2460_network_dvr 3.10
axis 2420_video_server 2.34
axis 2400_video_server 1.1
axis 2401_video_server 1.0_1
axis 2120_network_camera 2.41
axis 2400_video_server 3.12
axis 2100_network_camera 2.30
axis 2400_video_server 2.34
axis 2110_network_camera 2.41
axis 2420_network_camera 2.33
axis 2100_network_camera 2.33
axis 250s_video_server 3.03
axis 2400_video_server 2.33
axis 2110_network_camera 2.32
axis 2120_network_camera 2.32
axis 2420_network_camera 2.12
axis 2120_network_camera 2.34
axis 230_mpeg2_video_server 3.11
axis 2400_video_server 1.2
axis 2100_network_camera 2.32
axis 2130_ptz_network_camera 2.30
axis 2420_network_camera 2.31
axis 2130_ptz_network_camera 2.40
axis 2401_video_server 1.15
axis 2411_video_server 3.12
axis 2401_video_server 2.33
axis 2400_video_server 1.12
axis 2100_network_camera 2.31
axis 2100_network_camera 2.34
axis 2401_video_server 2.20
axis 2400_video_server 2.0
axis 2401_video_server 3.12
axis 2411_video_server 3.13
axis 2110_network_camera 2.34
axis 2420_network_camera 2.32
axis 2460_network_dvr *
axis 2420_network_camera 2.40
axis 2100_network_camera 2.40
axis 2130_ptz_network_camera 2.31
axis 2110_network_camera 2.12
axis 2400_video_server 3.11
axis 2420_network_camera 2.41
axis storpoint_cd *
axis 2130_ptz_network_camera 2.34
axis 2100_network_camera 2.12
axis 2400_video_server 1.11
axis 2110_network_camera 2.30
axis 2420_network_camera 2.34
axis 2400_video_server 1.10
axis 2401_video_server 2.31
axis 250s_video_server 3.10
axis 2400_video_server 2.30
axis 2401_video_server 2.32
axis 2420_network_camera 2.30
axis 2120_network_camera 2.12
CVE-2013-3543 HIGH

The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
axis media_control_activex_control 6.2.10.11
CVE-2015-8255 MEDIUM

AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
axis axis_communications_firmware *
CVE-2015-8256 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
axis network_camera_firmware -
CVE-2015-8257 HIGH

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
axis network_camera_firmware -
CVE-2015-8258 HIGH

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
axis axis_communications_firmware *
CVE-2017-12413 MEDIUM

AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
axis 2100_network_camera_firmware 2.43
CVE-2017-15885 MEDIUM

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
axis 2100_network_camera_firmware 2.03
CVE-2017-20049 HIGH

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
axis m3007_firmware *
axis p1204_firmware *
axis p3367_firmware *
axis m3045_firmware *
axis m3005_firmware *
axis p3225_firmware *
CVE-2018-10658 MEDIUM

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-10659 MEDIUM

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-10660 HIGH

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-10661 HIGH

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-10662 HIGH

An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-10663 MEDIUM

An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-10664 MEDIUM

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
axis q3505-ve_firmware *
axis p1353_firmware *
axis m3025-ve_firmware *
axis p1357-e_firmware *
axis p3224-lve_mk_ii_firmware *
axis m3104-l_firmware *
axis p3375-lve_firmware *
axis p1427-le_firmware *
axis q3517-lve_firmware *
axis q6045-c_firmware *
axis p3367-v_firmware *
axis p1275_firmware *
axis m5014-v_firmware *
axis p3115-i_firmware *
axis q8665-le_firmware *
axis p3346-v_firmware *
axis p3224-lv_firmware *
axis q7436_blade_firmware *
axis q3504-ve_firmware *
axis p1365_mk_ii_firmware *
axis p1367_firmware *
axis m3114-r_firmware *
axis p3315-z_firmware *
axis q7411_firmware *
axis xf40-q1765_firmware *
axis p3115-z_firmware *
axis q8741-e_firmware *
axis p1365-e_mk_ii_firmware *
axis p3343_firmware *
axis p1365-e_firmware *
axis q6042-c_firmware *
axis p1428-e_firmware *
axis fa54_main_unit_firmware *
axis p3384-v_firmware *
axis q6128-e_firmware *
axis p3905-re_firmware *
axis q6055-c_firmware *
axis q8631-e_firmware *
axis p1204_firmware *
axis m3106-lve_firmware *
axis q1932-e_pt_mount_firmware *
axis q1942-e_pt_mount_firmware *
axis q3517-lv_firmware *
axis v5915_firmware *
axis q1602-e_firmware *
axis m1045-lw_firmware *
axis q7414_blade_firmware *
axis p3225-lve_firmware *
axis m3044-v_firmware *
axis companion_cube_lw_firmware *
axis m1143-l_firmware *
axis m3105-lve_firmware *
axis q1922-e_firmware *
axis p5522_firmware *
axis q8721-e_firmware *
axis q3504-v_firmware *
axis p3374-lv_firmware *
axis p3114-i_firmware *
axis q1614-e_firmware *
axis q2901-e_firmware *
axis q8741-le_firmware *
axis m1065-lw_firmware *
axis p1344-e_firmware *
axis m3106-l_mk_ii_firmware *
axis m3027-pve_firmware *
axis p3904-r_mk_ii_firmware *
axis q8642-e_firmware *
axis p1343-e_firmware *
axis companion_dome_wv_firmware *
axis companion_recorder_8ch_firmware *
axis m1065-l_firmware *
axis q1921-e_firmware *
axis m3204-v_firmware *
axis p3304_firmware *
axis p1126-z_firmware *
axis p3227-lv_firmware *
axis q1647_firmware *
axis m7016_firmware *
axis m3046-v_1.8mm_firmware *
axis p3114-z_firmware *
axis q8655-zle_firmware *
axis p3344-v_firmware *
axis q3505-sve_mk_ii_firmware *
axis p1405-e_firmware *
axis q6035-e_firmware *
axis p1343_firmware *
axis p3214-v_firmware *
axis p3301-v_firmware *
axis q1922_firmware *
axis p1344_firmware *
axis companion_eye_lve_firmware *
axis m1104_firmware *
axis f44_dual_audio_input_firmware *
axis p5544_firmware *
axis q6045-s_firmware *
axis q1931-e_pt_mount_firmware *
axis p3707-pe_firmware *
axis q8742-e_firmware *
axis m3113-r_firmware *
axis q8675-ze_firmware *
axis q6045-c_mk_ii_firmware *
axis p1448-le_firmware *
axis p3705-z_firmware *
axis p1357_firmware *
axis q1604-e_firmware *
axis m3037-pve_firmware *
axis p3225-lv_mk_ii_firmware *
axis m1054_firmware *
axis p5514-e_firmware *
axis companion_dome_v_firmware *
axis m5013-v_firmware *
axis q3515-lve_firmware *
axis p3384-ve_firmware *
axis a9188_firmware *
axis p3224-lve_firmware *
axis q3615-ve_firmware *
axis q6045_firmware *
axis p3314-z_firmware *
axis q6055-e_firmware *
axis q6045-s_mk_ii_firmware *
axis companion_cube_l_firmware *
axis q6052_firmware *
axis d201-s_xpt_q6055_firmware *
axis p1405-le_firmware *
axis q3505-v_firmware *
axis q1941-e_firmware *
axis m1114-e_firmware *
axis q6000-e_firmware *
axis p1224-e_firmware *
axis q6124-e_firmware *
axis c1004-e_firmware *
axis m5055_firmware *
axis p7224_blade_firmware *
axis p7216_firmware *
axis p3364-v_firmware *
axis q1775_firmware *
axis p3228-lve_firmware *
axis p3904-r_firmware *
axis q6044-s_firmware *
axis p3225-lve_mk_ii_firmware *
axis q6042_firmware *
axis m2025-le_firmware *
axis p1325-z_firmware 7.10.1.1
axis m3004-v_firmware *
axis p3363-ve_firmware *
axis p1425-le_firmware *
axis q6034-c_firmware *
axis q6035-c_firmware *
axis q6054_mk_ii_firmware *
axis q6115-e_firmware *
axis q8665-e_firmware *
axis q6032-e_firmware *
axis p3224-ve_mk_ii_firmware *
axis p3301_firmware *
axis q1921_firmware *
axis m2026-le_mk_ii_firmware *
axis f41_main_unit_firmware *
axis m7010_firmware *
axis q1932-e_firmware *
axis p3915-r_firmware *
axis q8742-le_firmware *
axis p1254_firmware *
axis p1125-zl_firmware *
axis p1435-e_firmware *
axis m1034-w_firmware *
axis q6045-e_firmware *
axis q1910_firmware *
axis p1244_firmware *
axis p8514_firmware *
axis q8685-le_firmware *
axis p3225-v_mk_ii_firmware *
axis p3905-r_mk_ii_firmware *
axis p1346_firmware *
axis q8742-e_zoom_firmware *
axis m3105-l_firmware *
axis p3354_firmware *
axis c8033_firmware *
axis q6000-e_mk_ii_firmware *
axis q1605-z_firmware *
axis q1615-e_mk_ii_firmware *
axis p5512-e_firmware *
axis q7424-r_firmware *
axis q8632-e_firmware *
axis q6125-le_firmware *
axis p5534_firmware *
axis p3364-lv_firmware *
axis p5532_firmware *
axis p8524_firmware *
axis q1614_firmware *
axis p5522-e_firmware *
axis m5054_firmware *
axis q1615-e_firmware *
axis p1346-e_firmware *
axis q7424-r_mk_ii_firmware *
axis p5624-e_mk_ii_firmware *
axis q1659_firmware *
axis p3374-v_firmware *
axis c2005_firmware *
axis q1604_firmware *
axis m3048-p_firmware *
axis p1435-le_firmware *
axis m7014_firmware *
axis q3617-ve_firmware *
axis m3203-v_firmware *
axis p5512_firmware *
axis p5514_firmware *
axis p1264_firmware *
axis m3007-pv_firmware *
axis m5014_firmware *
axis q1645_firmware *
axis p1427-e_firmware *
axis xf60-q2901_firmware *
axis q7404_firmware *
axis q1602_firmware *
axis m1025_firmware *
axis p1214_firmware *
axis q3505-ve_mk_ii_firmware *
axis p3343-v_firmware *
axis m3104-lve_firmware *
axis q1775-e_firmware *
axis m1145_firmware *
axis q1635_firmware *
axis companion_bullet_le_firmware *
axis q8641-e_firmware *
axis p1425-le_mk_ii_firmware *
axis m1013_firmware *
axis p1126-zl_firmware *
axis p3314-zl_firmware *
axis q6044-e_firmware *
axis p3315-zl_firmware *
axis m3016_firmware *
axis p3346-ve_firmware *
axis p1265_firmware *
axis p1365_firmware *
axis q6114-e_firmware *
axis m3007-p_firmware *
axis p3365-ve_firmware *
axis p5635-e_mk_ii_firmware *
axis xf40-q2901_firmware *
axis q1910-e_firmware 5.51.5
axis p3125-z_firmware *
axis m3045-v_firmware *
axis q1755-e_firmware *
axis p1367-e_firmware *
axis p3364-lve_firmware *
axis q1941-e_pt_mount_firmware *
axis p3304-v_firmware *
axis m1033-w_firmware *
axis q6042-e_firmware *
axis q6045_mk_ii_firmware *
axis p5515_firmware *
axis companion_c360_firmware *
axis p7210_firmware *
axis p3706-z_firmware *
axis m1125_firmware *
axis q6034-e_firmware *
axis m1114_firmware *
axis q3709-pve_firmware *
axis m1125-e_firmware *
axis p3905-r_firmware *
axis companion_eye_l_firmware *
axis f44_main_unit_firmware *
axis m3113-ve_firmware *
axis p1425-e_firmware *
axis a8105-e_firmware *
axis m5525-e_firmware *
axis p1364_firmware *
axis p3375-lv_firmware *
axis p3215-v_firmware *
axis p3363-v_firmware *
axis m3045-wv_firmware *
axis m3046-v_firmware *
axis f34_main_unit_firmware *
axis p3224-v_mk_ii_firmware *
axis p5635-ze_firmware *
axis q6054_firmware *
axis q1635-e_firmware *
axis q1615_mk_ii_firmware *
axis q6042-s_firmware *
axis q6055-s_firmware *
axis d2050-ve_firmware *
axis m3106-lve_mk_ii_firmware *
axis p1405-le_mk_ii_firmware *
axis p3367-ve_firmware *
axis q6055_firmware *
axis v5914_firmware *
axis xp60-q1765_firmware *
axis p1355-e_firmware *
axis q6035_firmware *
axis q6054-e_firmware *
axis m1124-e_firmware *
axis m3114-ve_firmware *
axis q8685-e_firmware *
axis a1001_firmware *
axis q1942-e_firmware *
axis m1103_firmware *
axis q6034_firmware *
axis p1354-e_firmware *
axis p5532-e_firmware *
axis p3215-ve_firmware *
axis xp40-q1765_firmware *
axis q6032_firmware *
axis q8414-lvs_firmware *
axis p3225-ve_mk_ii_firmware *
axis p3343-ve_firmware *
axis m3015_firmware *
axis a8004-v_firmware *
axis q3505-v_mk_ii_firmware *
axis q6044_firmware *
axis m2014-e_firmware *
axis q1615_firmware *
axis q7406_blade_firmware *
axis m1124_firmware *
axis q3515-lv_firmware *
axis q8742-le_zoom_firmware *
axis p1290_firmware *
axis m3204_firmware *
axis p5534-e_firmware *
axis a9161_firmware *
axis m1144-l_firmware *
axis m3203_firmware *
axis p3344_firmware *
axis q6052-e_firmware *
axis p1447-le_firmware *
axis q1755_firmware *
axis m3026-ve_firmware *
axis m7011_firmware *
axis m3106-l_firmware *
axis xp40-q1942_firmware *
axis p1364-e_firmware *
axis m1113-e_firmware *
axis p3214-ve_firmware *
axis m1145-l_firmware *
axis m1113_firmware *
axis m1004-w_firmware *
axis m2026-le_firmware *
axis q2901-e_pt_mount_firmware *
axis p3364-ve_firmware *
axis m3044-wv_firmware *
axis p3224-lv_mk_ii_firmware *
axis q3708-pve_firmware *
axis p3353_firmware *
axis p5415-e_firmware *
axis p5624-e_firmware *
axis m3047-p_firmware *
axis c3003-e_firmware *
axis p3375-v_firmware *
axis q6155-e_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis p3225-lv_firmware *
axis p1347-e_firmware *
axis p1355_firmware *
axis m5013_firmware *
axis q7401_firmware *
axis p3375-ve_firmware *
axis m3014_firmware *
axis a9188-v_firmware *
axis p3227-lve_firmware *
axis q6044-c_firmware *
axis p1347_firmware *
axis q1635-z_firmware *
axis p3915-r_mk_ii_firmware *
axis m3006-v_firmware *
axis p1245_firmware *
axis companion_recorder_4ch_firmware *
axis p3365-v_firmware *
axis p5515-e_firmware *
axis p1125-z_firmware *
axis p1354_firmware *
axis p5635-e_firmware *
axis p5414-e_firmware *
axis m5065_firmware *
axis m3005-v_firmware *
axis p3344-ve_firmware *
axis p1280_firmware *
axis p1368-e_firmware *
axis q1765-le_pt_mount_firmware *
axis m1014_firmware *
axis q6032-c_firmware *
axis q6045-e_mk_ii_firmware *
axis q1931-e_firmware *
axis p1353-e_firmware *
axis q8722-e_firmware *
axis p3346_firmware *
axis q6054-e_mk_ii_firmware *
axis q1765-le_firmware *
axis p3228-lv_firmware *
axis p8513_firmware *
CVE-2018-9156 HIGH

An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
axis p1354_firmware 5.90.1.1
CVE-2018-9157 HIGH

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
axis m1033-w_firmware 5.40.5.1
CVE-2018-9158 MEDIUM

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
axis m1033-w_firmware 5.40.5.1
CVE-2021-31986 MEDIUM

User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
axis axis_os_2016 *
axis axis_os *
axis axis_os_2018 *
axis axis_os_2020 *
CVE-2021-31987 MEDIUM

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1286,NVD-CWE-Other,

Products Affected

Vendor Product Version
axis axis_os_2016 *
axis axis_os *
axis axis_os_2018 *
axis axis_os_2020 *
CVE-2021-31988 MEDIUM

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1286,CWE-74,

Products Affected

Vendor Product Version
axis axis_os_2016 *
axis axis_os *
axis axis_os_2018 *
axis axis_os_2020 *
CVE-2021-31989 LOW

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-316,CWE-312,

Products Affected

Vendor Product Version
axis device_manager *
CVE-2022-23410 MEDIUM

AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
axis ip_utility *
CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.

Products Affected

Vendor Product Version
axis axis_os *
CVE-2023-21405

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
axis a1610_(-b)_firmware *
axis axis_os *
axis a1601_firmware *
axis a1001_firmware *
axis a1210_(-b)_firmware *
CVE-2023-21406

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code.  lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H 1.6 5.5

Products Affected

Vendor Product Version
axis a1001_firmware *
CVE-2023-21407

A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
axis license_plate_verifier *
CVE-2023-21408

Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
axis license_plate_verifier *
CVE-2023-21409

Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
axis license_plate_verifier *
CVE-2023-21410

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
axis license_plate_verifier *
CVE-2023-21411

User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
axis license_plate_verifier *
CVE-2023-21412

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
axis license_plate_verifier *
CVE-2023-21413

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
product-security@axis.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
axis axis_os *
CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 0.5 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
axis axis_os_2016 *
axis axis_os *
axis axis_os_2018 *
axis axis_os_2022 *
axis axis_os_2020 *
CVE-2023-21416

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
product-security@axis.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2022 *
CVE-2023-21417

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2
product-security@axis.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2022 *
axis axis_os_2020 *
CVE-2023-21418

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2018 *
axis axis_os_2022 *
axis axis_os_2020 *
CVE-2023-22984

A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
axis 207w_firmware -
CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
product-security@axis.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2022 *
CVE-2023-5677

Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
product-security@axis.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
axis p7216_firmware *
axis q7401_firmware *
axis q7414_firmware *
axis m7014_firmware *
axis m3025-ve_firmware *
axis m7016_firmware *
axis q7424-r_mk_ii_firmware *
axis m3024-lve_firmware *
axis p1214-e_firmware *
axis p7214_firmware *
axis q7404_firmware *
CVE-2023-5800

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
product-security@axis.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2022 *
axis axis_os_2020 *
CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2022 *
CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 3.5 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
CVE-2024-47261

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
axis axis_os_2022 *
CVE-2024-6979

Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. Axis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
axis axis_os_2024 *
CVE-2024-7696

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.1 4.2

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2024-8160

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 1.2 2.5

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
axis axis_os_2022 *
CVE-2025-0324

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
CVE-2025-0358

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 8.5 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L 2.5 5.3

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
product-security@axis.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
axis axis_os *
axis axis_os_2024 *
CVE-2025-0926

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H 1.5 4.0

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-11547

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.1 3.6

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 4.6 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.1 2.5

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2025-13064

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

Products Affected

Vendor Product Version
axis camera_station_pro *
CVE-2025-30023

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 9.0 CRITICAL CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
axis camera_station_pro *
axis device_manager *
axis camera_station *
CVE-2025-30024

The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
axis device_manager *
CVE-2025-30025

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.

Products Affected

Vendor Product Version
axis camera_station_pro *
axis device_manager *
CVE-2025-30026

The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.

Products Affected

Vendor Product Version
axis camera_station_pro *
axis camera_station *
CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-4645

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-5452

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-5454

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-5718

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-6298

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-6779

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
axis axis_os *
CVE-2025-7622

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.

Products Affected

Vendor Product Version
axis camera_station_pro *
axis camera_station *
CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
product-security@axis.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
axis axis_os *