AxisCVEs & Vulnerabilities

91 CVEs affecting Axis products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

2400 video server 542100 network camera 442401 video server 372420 network camera 342110 network camera 312120 network camera 31axis os 312130 ptz network camera 17
CVE-2017-20049CRITICAL

A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.

15 Jun 2022
9.8
CVSS
CVE-2022-23410HIGH

AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.

15 Feb 2022
7.8
CVSS
CVE-2021-31988HIGH

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

6 Oct 2021
8.8
CVSS
CVE-2021-31987HIGH

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.

6 Oct 2021
7.5
CVSS
CVE-2021-31986MEDIUM

User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.

6 Oct 2021
6.8
CVSS
CVE-2021-31989MEDIUM

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.

25 Aug 2021
5.3
CVSS
CVE-2018-10664HIGH

An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.

26 Jun 2018
7.5
CVSS
CVE-2018-10663HIGH

An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.

26 Jun 2018
7.5
CVSS
CVE-2018-10662CRITICALpoc

An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.

26 Jun 2018
9.8
CVSS
CVE-2018-10661CRITICALpoc

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

26 Jun 2018
9.8
CVSS
CVE-2018-10660CRITICALpoc

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

26 Jun 2018
9.8
CVSS
CVE-2018-10659HIGH

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.

26 Jun 2018
7.5
CVSS
CVE-2018-10658HIGH

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.

26 Jun 2018
7.5
CVSS
CVE-2018-9158HIGH

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.

1 Apr 2018
7.5
CVSS
CVE-2018-9157HIGH

An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality

1 Apr 2018
7.5
CVSS
CVE-2018-9156HIGH

An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality

1 Apr 2018
7.5
CVSS
CVE-2017-15885MEDIUM

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.

25 Oct 2017
6.1
CVSS
CVE-2017-12413MEDIUM

AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.

4 Aug 2017
6.1
CVSS
CVE-2015-8257HIGHpoc

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

2 May 2017
8.8
CVSS
CVE-2015-8256MEDIUMpoc

Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.

17 Apr 2017
6.1
CVSS
CVE-2015-8258HIGHpoc

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

10 Apr 2017
7.5
CVSS
CVE-2015-8255HIGHpoc

AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.

10 Apr 2017
8.8
CVSS
CVE-2013-3543HIGHpoc

The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.

5 Oct 2013
8.8
CVSS
CVE-2011-5261MEDIUMpoc

Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.

12 Feb 2013
4.3
CVSS
CVE-2008-5260CRITICAL

Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.

26 Jan 2009
9.3
CVSS
CVE-2007-5212MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

5 Oct 2007
4.3
CVSS
CVE-2007-5213CRITICAL

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.

5 Oct 2007
9.3
CVSS
CVE-2007-5214MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

5 Oct 2007
4.3
CVSS
CVE-2007-4926CRITICAL

The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.

18 Sep 2007
9.3
CVSS
CVE-2007-4927LOW

axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.

18 Sep 2007
3.5
CVSS
CVE-2007-4928MEDIUM

The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.

18 Sep 2007
4.9
CVSS
CVE-2007-4929MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.

18 Sep 2007
4.3
CVSS
CVE-2007-4930MEDIUMpoc

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.

18 Sep 2007
4.3
CVSS
CVE-2007-2239CRITICALpoc

Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.

7 May 2007
9.3
CVSS
CVE-2004-0789MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

31 Dec 2004
5.0
CVSS
CVE-2004-2426MEDIUM

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

31 Dec 2004
5.0
CVSS
CVE-2004-2427CRITICAL

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

31 Dec 2004
10.0
CVSS
CVE-2004-2425HIGHpoc

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

31 Dec 2004
7.5
CVSS
CVE-2003-1386MEDIUMpoc

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.

31 Dec 2003
6.4
CVSS
CVE-2003-0240CRITICALpoc

The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

9 Jun 2003
10.0
CVSS
CVE-2001-1543HIGH

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.

31 Dec 2001
7.5
CVSS
CVE-2000-0191CRITICALpoc

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

29 Feb 2000
10.0
CVSS
CVE-2000-0144HIGH

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

7 Feb 2000
7.5
CVSS
← PrevPage 2 / 2Next →
Axis CVEs & Vulnerabilities — 91 Tracked — Page 2