Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:axis:m7016_firmware:5.51.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-5677 |
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. Published: February 05, 2024; 1:15:46 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |