← Back

CVE-2024-47259

nvd nist
Published: Mar 4, 2025Modified: Jan 22, 2026

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Exploitability: 2.8 / Impact: 4.2
Source: NVD

Description

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected (2)

Axis
2 products
Axis Os
Axis Os 2024
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Axis Os
From 11.11.0 to 12.2.52
Axis Os 2024
Before 11.11.126

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

Source: product-security@axis.com
Vendor Advisory

Timeline

No history available yet.