Mucoze

**Name of the Vulnerable Software and Affected Versions** Axis ACAP (affected versions not specified) **Description** Improper input validation during the installation process allows ACAP applications to gain elevated privileges, potentially leading to privilege escalation. This issue is exploitable only if the Axis device is configured to permit the installation of unsigned ACAP applications and a user is persuaded to install a malicious application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axis ACAP (affected versions not specified) **Description** An ACAP configuration file lacks sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This issue is exploitable only if the Axis device is configured to allow the installation of unsigned ACAP applications and an attacker convinces the victim to install a malicious ACAP application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axis ACAP (affected versions not specified) **Description** An ACAP configuration file lacks sufficient input validation, enabling a path traversal attack—a method where an attacker accesses files and directories outside the intended folder—which could lead to privilege escalation. Exploitation requires the Axis device to be configured to allow the installation of unsigned ACAP applications and for a victim to be convinced to install a malicious ACAP application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** A flaw exists that allows the upload of files with a specific name to a temporary directory. This can lead to process crashes and reduced usability. Exploitation requires authentication with an operator- or administrator-privileged service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VAPIX API (affected versions not specified) **Description** The VAPIX API’s `port.cgi` component lacks adequate input validation. This can lead to process crashes and negatively affect usability. Exploitation requires authentication with a viewer, operator, or administrator-level service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.