Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-8108

Опубликовано: 11 нояб. 2025
Источник: nvd
CVSS3: 6.7
EPSS Низкий

Описание

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
Версия от 12.0.0 (включая) до 12.7.33 (исключая)

Одно из

cpe:2.3:h:axis:a1210_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1214:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1610_\(-b\):-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1710-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a1810-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1110-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1210-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1211-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1310-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1410_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1510:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1511:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1610-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1710:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c1720:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c6110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:c8210:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d1110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d201-s_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2110-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d2210-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d3110_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4100-ve_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d4200-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:d6310:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xf_q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:excam_xpt_q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9104-b_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9111_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b-r_mk_ii_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-b_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114-bt:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:f9114_main_unit:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa51-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:fa54:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-safety:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7010-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i7020:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8016-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8116-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:i8307-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1055-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1075-l:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1135-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m1137-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2035-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m2036-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3057-plr_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3085-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3086-v_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3088-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3125-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3126-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3128-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3215-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3216-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m3905-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4215-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4216-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4218-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4225-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4227-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4228-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4308-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5000-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5075-g:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m5526-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7104:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:m7116:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1245_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1265_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1275_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1385-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1387-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1388-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1465-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1475-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p1518-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-lve-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3267-lve_mic:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3268-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3275-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3277-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3278-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3285-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3287-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3288-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3735-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3737-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3738-ple:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3747-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3748-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3818-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3905-r_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-lre:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3925-r:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p3935-lr:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p4708-plve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5654-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5655-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p5676-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7304:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p7316:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:p9117-pv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615-le_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1615_mk_iii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1686-dle:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1715:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1728-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1798-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1800-le-3:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1805-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1806-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1808-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1809-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1961-xte:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1971-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q1972-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2111-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q2112-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3538-slve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3546-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3548-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3556-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3558-lve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3819-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q3839-spve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q4809-pve:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6020-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6074-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-s:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6075-se:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6078-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6135-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6225-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6300-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6315-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6318-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6355-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q6358-le:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8615-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q8752-e_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:q9307-lv:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3008_mk_ii:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s3016:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:s4000:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5925:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:v5938:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w100:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w101:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w102:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w110:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w120:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:w401:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xc1311:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xf40-q1785:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*
cpe:2.3:h:axis:xpq1785:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.0002
Низкий

6.7 Medium

CVSS3

Дефекты

CWE-732

Связанные уязвимости

github логотип

GHSA-g7h3-4rff-4p2h

CVSS3: 6.7
github
3 месяца назад

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

EPSS

Процентиль: 5%
0.0002
Низкий

6.7 Medium

CVSS3

Дефекты

CWE-732
Уязвимость CVE-2025-8108