Home

Description

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.

PUBLISHED Reserved 2024-09-23 | Published 2025-04-08 | Updated 2025-04-08 | Assigner Axis




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-1287: Improper Validation of Specified Type of Input

Product status

Default status
unaffected

10.12.0 (semver) before 10.12.276
affected

11.0.0 (semver) before 11.11.141
affected

12.0.0 (semver) before 12.3.56
affected

References

www.axis.com/.../18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf

cve.org (CVE-2024-47261)

nvd.nist.gov (CVE-2024-47261)

Download JSON