CVE-2021-31988

HIGH

SMTP Test - Info Disclosure

Title source: llm

Description

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

References (1)

[Vendor Advisory] https://www.axis.com/files/tech_notes/CVE-2021-31988.pdf

Scores

CVSS v3 8.8

EPSS 0.0062

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-1286 CWE-74

Status published

Affected Products (4)

axis/axis_os < 10.7

axis/axis_os_2016 < 6.50.5.5

axis/axis_os_2018 < 8.40.4.3

axis/axis_os_2020 < 9.80.3.5

Timeline

Published Oct 05, 2021

Tracked Since Feb 18, 2026