CVE-2021-31988

HIGH

AXIS OS Multiple Versions - SMTP Header Injection via CRLF

Description

A user-controlled parameter related to the SMTP test functionality is not correctly validated, making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.

Scores

CVSS v3 8.8
EPSS 0.0092
EPSS Percentile 55.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-1286 CWE-74
Status published
Products (4)
axis/axis_os < 10.7
axis/axis_os_2016 < 6.50.5.5
axis/axis_os_2018 < 8.40.4.3
axis/axis_os_2020 < 9.80.3.5
Published Oct 05, 2021
Tracked Since Feb 18, 2026