Axis Guard Tour VAPIX API Parameter Vulnerability Blocking Access to Configuration Page

Vulnerability

A vulnerability in the Guard Tour VAPIX API on Axis devices running AXIS OS 6.50 through 12.3 allows the use of arbitrary values in a parameter, which can be misused to block access to the guard tour configuration page in the web interface. This issue can only be exploited by authenticated users with operator or administrator privileges.

Impact

Exploitation of this vulnerability prevents access to the guard tour configuration page on the affected Axis device.

Remediation

Axis has released patches for this vulnerability in the following versions: Active Track 12.4.28, LTS 2024 11.11.142, LTS 2022 10.12.278, LTS 2020 9.80.100, (Former LTS) 8.40.74 for products still under AXIS OS software support, and (Former LTS) 6.50.5.21 for products still under AXIS OS software support. Users are advised to update their Axis device software to the latest version.
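One way to check a device inventory against the fixed versions listed above. This is an added example, not Axis code. Matching a device to its track by version prefix, the status labels, and the sample inventory are assumptions made for illustration.

```python
# Fixed versions copied from the Remediation text; keyed by version prefix
# (assumption: a device is compared against the fix sharing its prefix).
FIXED = {
    (12,): "12.4.28",
    (11,): "11.11.142",
    (10,): "10.12.278",
    (9,): "9.80.100",
    (8,): "8.40.74",
    (6, 50): "6.50.5.21",
}
AFFECTED_FROM = (6, 50)      # advisory: AXIS OS 6.50 through 12.3
AFFECTED_MAJOR_MAX = 12


def parse(version):
    """Turn '11.11.142' into a 4-tuple so tuples of equal length compare."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version):
    """Return (status, fixed_version_or_None) for one AXIS OS version."""
    v = parse(version)
    if v[:2] < AFFECTED_FROM or v[0] > AFFECTED_MAJOR_MAX:
        return ("outside-affected-range", None)
    for prefix, fixed in FIXED.items():
        if v[:len(prefix)] == prefix:
            status = "patched" if v >= parse(fixed) else "update-required"
            return (status, fixed)
    # In the affected range, but the advisory lists no fix for this track.
    return ("no-fix-listed", None)


def needs_action(inventory):
    """Map host -> (status, fixed) for every host that is not already safe."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {h: r for h, r in results.items()
            if r[0] in ("update-required", "no-fix-listed")}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"cam-lobby": "12.3.56", "cam-dock": "11.11.142",
              "cam-roof": "7.40.1", "cam-gate": "6.50.5.2"}
    for host, (status, fixed) in sorted(needs_action(sample).items()):
        print(host, status, fixed or "-")
```

Devices reported as `no-fix-listed` are in the affected range but on a track for which the advisory names no patched release, so they need a manual decision rather than a simple update.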

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.