CVE-2024-47261: Input Validation
First published: Tue Apr 08 2025(Updated: )
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web interface of the Axis device.
Credit: product-security@axis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Axis VAPIX API |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-47261?
CVE-2024-47261 is rated as a medium severity vulnerability due to insufficient input validation allowing file uploads.
How do I fix CVE-2024-47261?
To fix CVE-2024-47261, it is recommended to apply the latest security patches provided by Axis for the VAPIX API.
What are the potential impacts of CVE-2024-47261?
The potential impacts of CVE-2024-47261 include unauthorized access that can disrupt the creation of image overlays in the Axis device's web interface.
Which software is affected by CVE-2024-47261?
CVE-2024-47261 affects the Axis VAPIX API, specifically the uploadoverlayimage.cgi component.
Who discovered CVE-2024-47261?
CVE-2024-47261 was discovered by a security researcher named 51l3nc3 as part of the AXIS OS Bug Bounty Program.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/source
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/axis
- canonical/axis vapix api