Description
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 10.12.0 (inclusive) up to 12.3.56 (exclusive)
- Version up to 10.12.276 (exclusive)
- Version up to 11.11.141 (exclusive)
One of
cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*
cpe:2.3:o:axis:axis_os_2024:*:*:*:*:lts:*:*:*
EPSS: 0.003 (Low), percentile: 53%
CVSS3: 4.3 Medium
Weaknesses
CWE-1287
Related vulnerabilities
CVSS3: 4.3
github
10 months ago
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.