Note:
This project will be discontinued after December 13, 2021. [more]
Product:
M3024\-Lve_firmware
(Axis)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-05 | CVE-2023-5677 | Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please... | M3024\-Lve_firmware, M3025\-Ve_firmware, M7014_firmware, M7016_firmware, P1214\-E_firmware, P7214_firmware, P7216_firmware, Q7401_firmware, Q7404_firmware, Q7414_firmware, Q7424\-R_mk_ii_firmware | 8.8 |