PT-2024-38846 · Axis · AXIS OS

Published: 2024-11-26 · Updated: 2026-01-22 · CVE-2024-8160

CVSS v3.1: 3.8 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version
Description: The VAPIX API ftptest.cgi did not have sufficient input validation, allowing for a possible command injection. This could lead to the ability to transfer files from or to the Axis device. The flaw can only be exploited after authenticating with an administrator-privileged service account.
Recommendations: For AXIS OS versions prior to the patched version, update to the patched AXIS OS version released by Axis to resolve the issue. As a temporary workaround, consider restricting access to the ftptest.cgi API endpoint until a patch is available.

Related Identifiers: CVE-2024-8160

Affected Products: AXIS OS