CVE-2024-47259 LOW

CVE-2024-47259

Vendor Axis Communications Ab
Product AXIS OS
Weakness CWE-434 · Unrestricted file upload
Published March 4, 2025
Last update March 28, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Key dates

02Disclosure timeline

March 4, 2025 CVE published
March 28, 2025 Record updated