CVE-2024-47260: Input Validation
First published: Tue Mar 04 2025(Updated: )
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Credit: product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AXIS OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-47260?
CVE-2024-47260 is classified as a high severity vulnerability due to its potential impact on device memory management.
How do I fix CVE-2024-47260?
To fix CVE-2024-47260, you should update to the patched version of AXIS OS provided by Axis.
What vulnerable component is affected by CVE-2024-47260?
The vulnerable component affected by CVE-2024-47260 is the VAPIX API mediaclip.cgi on Axis devices.
What kind of attack can exploit CVE-2024-47260?
CVE-2024-47260 can potentially be exploited through excessive audio clip uploads that lead to denial of service due to memory exhaustion.
Is CVE-2024-47260 an internal or external threat?
CVE-2024-47260 poses an external threat as it can be exploited remotely through the public interfaces of affected Axis devices.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/axis
- canonical/axis os