CVE-2024-47261

Name of the Vulnerable Software and Affected Versions: Axis device (affected versions not specified)

Description: The issue concerns insufficient input validation in the VAPIX API, specifically in the "uploadoverlayimage.cgi" endpoint. This allows an attacker to upload files, potentially blocking access to create image overlays in the web interface of the Axis device.

Recommendations: As a temporary workaround, consider restricting access to the "uploadoverlayimage.cgi" endpoint until a patch is available. Avoid using the VAPIX API to upload files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.