Filtered by vendor Axis
Subscriptions
Filtered by product Xf40-q1785
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5454 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.4 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-4645 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.7 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-5452 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.6 Medium |
| A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-8108 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-5718 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.8 Medium |
| The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-6779 | 1 Axis | 233 A1210 \(-b\), A1214, A1601 and 230 more | 2025-11-24 | 6.7 Medium |
| An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
Page 1 of 1.