Filtered by vendor Axis
Subscribe
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4929 | 1 Axis | 1 207w Network Camera | 2026-04-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors. | |||||
| CVE-2007-2239 | 1 Axis | 10 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 7 more | 2026-04-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. | |||||
| CVE-2000-0144 | 1 Axis | 1 700 Network Document Server | 2026-04-16 | 7.5 HIGH | N/A |
| Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. | |||||
| CVE-2003-0240 | 1 Axis | 9 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 6 more | 2026-04-16 | 10.0 HIGH | N/A |
| The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). | |||||
| CVE-2004-2425 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2026-04-16 | 7.5 HIGH | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. | |||||
| CVE-2000-0191 | 1 Axis | 1 Storpoint Cd | 2026-04-16 | 10.0 HIGH | N/A |
| Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. | |||||
| CVE-2004-2427 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2026-04-16 | 10.0 HIGH | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. | |||||
| CVE-2004-2426 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi. | |||||
| CVE-2004-0789 | 9 Axis, Delegate, Dnrd and 6 more | 15 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 12 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. | |||||
| CVE-2001-1543 | 1 Axis | 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more | 2026-04-16 | 7.5 HIGH | N/A |
| Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. | |||||
| CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2026-04-16 | 6.4 MEDIUM | N/A |
| AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | |||||
| CVE-2025-11142 | 1 Axis | 1 Axis Os | 2026-02-28 | N/A | 7.1 HIGH |
| The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. | |||||
| CVE-2025-11547 | 1 Axis | 1 Camera Station Pro | 2026-02-17 | N/A | 7.8 HIGH |
| AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | |||||
| CVE-2025-12757 | 1 Axis | 1 Camera Station Pro | 2026-02-17 | N/A | 4.6 MEDIUM |
| An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | |||||
| CVE-2025-13064 | 1 Axis | 1 Camera Station Pro | 2026-02-17 | N/A | 4.5 MEDIUM |
| A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with. | |||||
| CVE-2025-12063 | 1 Axis | 1 Camera Station Pro | 2026-02-17 | N/A | 5.7 MEDIUM |
| An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | |||||
| CVE-2025-30025 | 1 Axis | 2 Camera Station Pro, Device Manager | 2026-01-23 | N/A | 7.8 HIGH |
| The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | |||||
| CVE-2025-30024 | 1 Axis | 1 Device Manager | 2026-01-23 | N/A | 6.8 MEDIUM |
| The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. | |||||
| CVE-2025-30023 | 1 Axis | 3 Camera Station, Camera Station Pro, Device Manager | 2026-01-23 | N/A | 9.0 CRITICAL |
| The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. | |||||
| CVE-2025-0359 | 1 Axis | 2 Axis Os, Axis Os 2024 | 2026-01-22 | N/A | 8.5 HIGH |
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||