CVE-2018-10661

CRITICAL EXPLOITED IN THE WILD

Axis IP Cameras - Auth Bypass

Title source: llm

Description

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/45100

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/mascencerro/axis-rce

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/

[Vendor Advisory] https://www.axis.com/files/faq/Advisory_ACV-128401.pdf

[Vendor Advisory] https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45100/

Scores

CVSS v3 9.8

EPSS 0.8935

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-12-08

InTheWild.io 2023-05-11

Classification

Status published

Affected Products (50)

axis/a1001_firmware < 1.65.1

axis/a8004-v_firmware < 1.65.2

axis/a8105-e_firmware < 1.65.2

axis/a9161_firmware < 1.65.0

axis/a9188_firmware < 1.65.0

axis/a9188-v_firmware < 1.65.0

axis/c1004-e_firmware < 1.81.040.1

axis/c2005_firmware < 1.81.040.1

axis/c3003-e_firmware < 1.81.040.1

axis/c8033_firmware < 1.81.040.1

axis/companion_bullet_le_firmware < 8.20.1

axis/companion_c360_firmware < 7.15.2.3

axis/companion_cube_l_firmware < 8.20.1

axis/companion_cube_lw_firmware < 8.20.1

axis/companion_dome_v_firmware < 8.20.1

... and 35 more

Timeline

Published Jun 26, 2018

Tracked Since Feb 18, 2026