51L3Nc3

**Name of the Vulnerable Software and Affected Versions** VAPIX API (affected versions not specified) **Description** The VAPIX API’s `mediaclip.cgi` component lacks proper input validation, potentially allowing for remote code execution. Exploitation requires authentication with an operator- or administrator-privileged service account. The API endpoint involved is `/mediaclip.cgi`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axis (affected versions not specified) **Description** An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This issue can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces a victim to install a malicious ACAP application. A path traversal attack involves manipulating file paths to access restricted directories or files. Privilege escalation refers to gaining unauthorized access to higher-level system privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Dispositivo Axis (versões afetadas não especificadas) **Descrição** Um parâmetro da API VAPIX do Guard Tour permitia o uso de valores arbitrários e pode ser chamado de forma incorreta, permitindo que um atacante bloqueie o acesso à página de configuração do Guard Tour na interface web do dispositivo Axis. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.