CVE-2024-47260 MEDIUM

CVE-2024-47260

Vendor Axis Communications Ab
Product AXIS OS
Weakness CWE-641
Published March 4, 2025
Last update March 28, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory.  Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Key dates

02Disclosure timeline

March 4, 2025 CVE published
March 28, 2025 Record updated