CVE-2024-8160

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Nov 26, 2024
CWE ID 1286

Summary

CVE-2024-8160 is a recently discovered vulnerability affecting the ftptest.cgi component of Axis devices. This issue, reported by Erik de Jong through the AXIS OS Bug Bounty Program, stems from insufficient input validation in the VAPIX API. The flaw allows for command injection, enabling an attacker to transfer files to and from the device after successful authentication using an administrator-privileged account. Axis has released updated AXIS OS versions to address this vulnerability. Please consult the Axis security advisory for further details and patch implementation instructions.
