CVE-2015-8258

HIGH

AXIS Communications <5.80.x - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8258. PoCs published by Orwelllabs.

AI-analyzed exploit summary The advisory describes a resource injection vulnerability in AXIS Communications cameras via the 'imagePath' parameter, allowing an attacker to inject malicious URLs. It also highlights the 'Open Script Editor' feature, which can be abused with default credentials to edit system files with root privileges.

Description

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

Exploits (1)

exploitdb WRITEUP
by Orwelllabs · textwebappshardware
https://www.exploit-db.com/exploits/41625

The advisory describes a resource injection vulnerability in AXIS Communications cameras via the 'imagePath' parameter, allowing an attacker to inject malicious URLs. It also highlights the 'Open Script Editor' feature, which can be abused with default credentials to edit system files with root privileges.

Classification
Writeup 90%
Attack Type
Xss | Ssrf | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: AXIS Communications camera firmwares < 5.80.x
No auth needed
Prerequisites: Network access to the vulnerable device · Default or weak credentials for 'Open Script Editor' abuse
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41625/

Scores

CVSS v3 7.5
EPSS 0.0876
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-74
Status published
Products (2)
axis/axis_communications_firmware < 5.80.3
n/a/AXIS Communications products with firmware through 5.80.x AXIS Communications products with firmware through 5.80.x
Published Apr 10, 2017
Tracked Since Feb 18, 2026