Description
A vulnerability, was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf
Scores
CVSS v3
9.8
EPSS
0.0141
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (6)
axis/m3005_firmware
< 5.50.5.7
axis/m3007_firmware
< 6.30.1.1
axis/m3045_firmware
< 6.15.4.1
axis/p1204_firmware
< 5.50.4
axis/p3225_firmware
< 6.30.1
axis/p3367_firmware
< 6.10.1.2
Published
Jun 15, 2022
Tracked Since
Feb 18, 2026