N/A

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

路径遍历：’…/…//’

AXIS OS 路径遍历漏洞

AXIS Os是瑞典安讯士（AXIS）公司的一种边缘设备操作系统。 AXIS OS 10.11 到 11.5版本存在安全漏洞，该漏洞源于VAPIX APIoverlay_del.cgi 允许文件删除的路径遍历攻击。

N/A

N/A