CVE-2024-47262

Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.axis.com/dam/public/a3/18/6e/cve-2024-47262pdf-en-US-466884.pdf

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Dzmitry Lukyanenka, miembro del programa Bug Bounty de AXIS OS, ha descubierto que el param.cgi de la API de VAPIX era vulnerable a un ataque de condición de ejecución que permitía a un atacante bloquear el acceso a la interfaz web del dispositivo de Axis. Otros endpoints o servicios de la API que no utilizan param.cgi no se ven afectados. Axis ha publicado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener más información y soluciones.

04 Mar 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-04 06:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-47262

Mitre link : CVE-2024-47262

CVE.ORG link : CVE-2024-47262

JSON object : View

Products Affected

No product.

CWE

CWE-1287

Improper Validation of Specified Type of Input

5.3 /10