Shodan
Vulnerabilities
Vulnerable Software
Axis:  >> M1033-W Firmware  Security Vulnerabilities
CVE-2018-10658
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-26
CVE-2018-10659
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
CVSS Score
7.5
EPSS Score
0.012
Published
2018-06-26
CVE-2018-10660
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVSS Score
9.8
EPSS Score
0.923
Published
2018-06-26
CVE-2018-10661
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS Score
9.8
EPSS Score
0.895
Published
2018-06-26
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVSS Score
9.8
EPSS Score
0.831
Published
2018-06-26
CVE-2018-10663
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-06-26
CVE-2018-10664
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-26
CVE-2018-9157
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality
CVSS Score
7.5
EPSS Score
0.018
Published
2018-04-01
CVE-2018-9158
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved