CVE-2024-8160
CVSS 3.1 Score 3.8 of 10 (low)
Details
Summary
CVE-2024-8160 is a recently discovered vulnerability affecting the ftptest.cgi component of Axis devices. This issue, reported by Erik de Jong through the AXIS OS Bug Bounty Program, stems from insufficient input validation in the VAPIX API. The flaw allows for command injection, enabling an attacker to transfer files to and from the device after successful authentication using an administrator-privileged account. Axis has released updated AXIS OS versions to address this vulnerability. Please consult the Axis security advisory for further details and patch implementation instructions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- O S