CVE-2024-47261

low-risk

Published 2025-04-08

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (3)

Axis Os

Axis Os 2022

Axis Os 2024

Affected Vendors

Axis

References (1)

Vendor Advisory https://www.axis.com/dam/public/18/c5/b2/cve-2024-47261pdf-en-US-474505.pdf

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 9/34 · Low