Vulnerability Database

324,382

Total vulnerabilities in the database

CVE-2024-47259

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Published: Mar 4, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-47259
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.5
AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
axis / axis_os	11.11.0	12.2.52
axis / axis_os_2024	-	11.11.126

https://www.axis.com/dam/public/13/cd/4a/cve-2024-47259pdf-en-US-466882.pdf

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo