Primary

Context

Axis VAPIX API Input Validation Vulnerability in port.cgi Leading to Process Crashes

Vulnerability

Patched

A vulnerability exists in the VAPIX API port.cgi due to inadequate input validation. This flaw can cause process crashes, adversely affecting usability. The vulnerability requires authentication with a service account that has viewer, operator, or administrator privileges.

Impact

Exploitation of this vulnerability can lead to process crashes, causing disruptions in usability.

Remediation

Axis has released patches for this vulnerability in several versions, including Active Track 12.7.11, LTS 2024 11.11.177, LTS 2022 10.12.305, LTS 2020 9.80.123, and former LTS versions 8.40.89 and 6.50.5.21 for products still under AXIS OS software support. Users are advised to update their Axis device software to the latest version available.

Added: Nov 11, 2025, 8:19 AM

Updated: Nov 11, 2025, 8:19 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

1.3

exploitability

4.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

1.3

exploitability

4.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Axis VAPIX API Input Validation Vulnerability in port.cgi Leading to Process Crashes

Vulnerability

Impact

Remediation

Affected Products

Axis AXIS OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating