CVE-2024-47261 — Improper Validation of Specified Type of Input in Communications AB Axis OS

CWE-1287 — Improper Validation of Specified Type of Input3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Communications AB Axis OS Axis OS Axis OS 2022 +1 more

Timeline

PublishedApr 8

Description

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDaxis/axis_os10.12.0 — 12.3.56

▶NVDaxis/axis_os_2022< 10.12.276

▶NVDaxis/axis_os_2024< 11.11.141

▶CVEListV5axis_communications_ab/axis_os10.12.0 — 10.12.276+2

🔴Vulnerability Details

GHSA

GHSA-f6xw-xqhc-gwg3: 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage↗2025-04-08

▶

CVEList

CVE-2024-47261: 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage↗2025-04-08

▶