Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-6779

Опубликовано: 11 нояб. 2025
Источник: nvd
CVSS3: 6.7
EPSS Низкий

Описание

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Версия от 12.0.0 (включая) до 12.6.40 (исключая)

Одно из

cpe:2.3:h:axis:a1210_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1214:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1610_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1710-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1810-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1110-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1210-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1211-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1310-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1410_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1510:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1511:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1610-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1710:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1720:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c6110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8210:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d1110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d201-s_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2110-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2210-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d3110_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4100-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4200-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d6310:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xf_q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-bt:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa54:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-safety:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7020:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8016-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8116-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8307-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1055-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1075-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2035-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2036-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3057-plr_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3085-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3088-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3125-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3126-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3128-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3215-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3905-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4225-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4227-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4228-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4308-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5526-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7104:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7116:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1245_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1265_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1275_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1475-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3735-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3737-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3738-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3747-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3748-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3818-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3905-r_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-lre:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3935-lr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4708-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5655-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5676-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7304:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7316:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p9117-pv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615-le_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1686-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1715:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1798-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1805-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1806-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1808-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1809-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-xte:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1971-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1972-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2112-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3546-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3548-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3556-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3558-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3819-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-spve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q4809-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6020-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-s:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-se:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6078-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6135-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6225-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6300-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6315-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6318-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6355-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6358-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8615-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q9307-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3016:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s4000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5925:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5938:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w100:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w101:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w102:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w120:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w401:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xc1311:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xf40-q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xpq1785:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.00022
Низкий

6.7 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

github логотип

GHSA-33g9-x8rg-2pmj

CVSS3: 6.7
github
3 месяца назад

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

EPSS

Процентиль: 5%
0.00022
Низкий

6.7 Medium

CVSS3

Дефекты

CWE-732