Home
MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LDefault status
unaffected
6.50.0 (semver) before 6.50.5.21
affected
7.0.0 (semver) before 8.40.74
affected
9.0.0 (semver) before 9.80.100
affected
10.0.0 (semver) before 10.12.278
affected
11.0.0 (semver) before 11.11.142
affected
12.0.0 (semver) before 12.4.28
affected
Description
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
Problem types
CWE-1287: Improper Validation of Specified Type of Input
CWE-628: Function Call with Incorrectly Specified Arguments
Product status
6.50.0 (semver) before 6.50.5.21
7.0.0 (semver) before 8.40.74
9.0.0 (semver) before 9.80.100
10.0.0 (semver) before 10.12.278
11.0.0 (semver) before 11.11.142
12.0.0 (semver) before 12.4.28
Credits
51l3nc3
References
www.axis.com/...c/d0/ae/fe/cve-2025-0325pdf-en-US-483808.pdf