CVE-2024-47261

MEDIUM

Axis < - Path Traversal

Title source: llm

Description

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.

References (1)

[Vendor Advisory] https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf

Scores

CVSS v3 4.3

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287

Status published

Products (3)

axis/axis_os 10.12.0 - 12.3.56

axis/axis_os_2022 < 10.12.276

axis/axis_os_2024 < 11.11.141

Published Apr 08, 2025

Tracked Since Feb 18, 2026