CVE-2023-22984
https://notcve.org/view.php?id=CVE-2023-22984
A vulnerability was discovered in the Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via a URL. • https://d0ub1e-d.github.io/2022/12/30/exploit-db-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28860
https://notcve.org/view.php?id=CVE-2022-28860
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. • https://github.com/ErwanBroquaire/citilog-8.0-vulnerability https://www.citilog.com https://www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf
CVE-2022-28861
https://notcve.org/view.php?id=CVE-2022-28861
The server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to see FTP credentials in cleartext HTTP traffic. These can be used for FTP access to the server. • https://github.com/ErwanBroquaire/citilog-8.0-vulnerability https://www.citilog.com https://www.citilog.com/wp-content/uploads/2023/07/CitilogSAS_information_note_2021-10-18-English.pdf • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2017-20049
https://notcve.org/view.php?id=CVE-2017-20049
A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. • https://www.axis.com/dam/public/df/f3/dd/cve-2017-20049-en-US-376956.pdf • CWE-269: Improper Privilege Management
CVE-2022-23410
https://notcve.org/view.php?id=CVE-2022-23410
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory, which could allow for remote code execution if a compromised DLL were placed in the same folder. • https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf • CWE-427: Uncontrolled Search Path Element