CVE-2024-47260
📋 TL;DR
Insufficient input validation in the VAPIX API endpoint mediaclip.cgi lets an attacker upload an excessive number of audio clips to an Axis device. The uploads exhaust device memory, which crashes the device or otherwise denies service (availability impact only; no data disclosure or tampering is described). Axis devices running a vulnerable AXIS OS version are affected.
💻 Affected Systems
- Axis products running AXIS OS that expose the VAPIX API (network cameras, video encoders and other AXIS OS devices)
⚠️ Manual Verification Required
This CVE has no version ranges in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The NVD entry does not specify which versions are vulnerable (no version ranges are provided). The Axis advisory linked below lists the patched AXIS OS releases, so the check has to be done against that document.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test whether the vulnerability is exploitable in your environment, but only against a non-production device: a successful test is a memory-exhaustion crash
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device memory exhaustion causing system crash, persistent denial of service requiring physical reset, and potential disruption of surveillance/security operations.
Likely Case
Device becomes unresponsive or crashes, requiring reboot to restore functionality, disrupting video surveillance and network services.
If Mitigated
Minimal impact with proper network segmentation and access controls limiting who can access the VAPIX API endpoints.
🎯 Exploit Status
Exploitation requires sending repeated upload requests to the mediaclip.cgi endpoint from a client that the device allows to use it; no special tooling is needed beyond an HTTP client. VAPIX CGIs on Axis devices sit behind the device's HTTP authentication, so check the Axis advisory for the privilege level the attacker needs. No public exploit is referenced on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched AXIS OS versions as specified in Axis security advisory
Vendor Advisory: https://www.axis.com/dam/public/1d/d3/ef/cve-2024-47260pdf-en-US-466883.pdf
Restart Required: Yes
Instructions:
1. Download the patched AXIS OS version from the Axis website.
2. Upload the firmware to the device via the web interface.
3. Install the update.
4. Reboot the device.
5. Verify that the reported version is the patched one.
🔧 Temporary Workarounds
Disable VAPIX API
Disable the VAPIX API where it is not required; where it must stay enabled (for example for a VMS integration), limit which accounts are allowed to upload media clips
Network Access Control
Restrict network access to the VAPIX API endpoints with firewall rules so that only the management network and the VMS can reach them
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Axis devices from untrusted networks
- Deploy network monitoring to detect excessive requests to mediaclip.cgi endpoint
🔍 How to Verify
Check if Vulnerable:
Confirm that the device exposes /axis-cgi/mediaclip.cgi and compare its AXIS OS version with the patched versions in the advisory. The endpoint being present does not by itself indicate vulnerability; only the version comparison does.
Check Version:
Read it from the device web interface, or query VAPIX over HTTPS with device credentials (HTTP digest auth is the Axis default): https://<device-ip>/axis-cgi/admin/param.cgi?action=list&group=Properties.Firmware.Version
Verify Fix Applied:
Verify that the AXIS OS version reported by the device is the patched version from the advisory. If you also want to confirm behaviour, test excessive uploads to mediaclip.cgi only on a non-production device, since the test itself is a denial of service.
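The version check above, as an added example (not code from this page or from Axis): it pulls the param.cgi listing over HTTPS with digest auth, parses the root.Properties.Firmware.Version line, and compares the version against a per-track table of fixed releases. The FIXED_BY_TRACK values are hypothetical placeholders, as are the host and credentials; fill the table from the Axis advisory before trusting the verdict. A version on a track that is not in the table is reported as unknown rather than guessed.

```python
"""Read the AXIS OS version over VAPIX and compare it to fixed versions.

Added example for CVE-2024-47260 triage, not code from the page or from Axis.
FIXED_BY_TRACK holds HYPOTHETICAL placeholder versions: replace them with the
patched releases listed in the Axis advisory.
"""
import re
import ssl
import urllib.request
from typing import Dict, Optional, Tuple

VERSION_PATH = "/axis-cgi/admin/param.cgi?action=list&group=Properties.Firmware.Version"

# Constructed sample of param.cgi "list" output (one key=value per line).
SAMPLE_RESPONSE = (
    "root.Properties.Firmware.BuildDate=Jun 03 2024 09:35\n"
    "root.Properties.Firmware.BuildNumber=7\n"
    "root.Properties.Firmware.Version=11.9.53\n"
)

# HYPOTHETICAL: first patched release per AXIS OS track (major.minor).
FIXED_BY_TRACK: Dict[str, str] = {
    "11.9": "11.9.60",
    "10.12": "10.12.250",
}


def fetch_param_list(host: str, user: str, password: str,
                     cafile: Optional[str] = None, timeout: float = 10.0) -> str:
    """GET param.cgi with HTTP digest auth (the Axis default). Not run offline.

    Axis devices ship a self-signed certificate: pass its cert (or your CA) as
    cafile instead of disabling verification.
    """
    url = f"https://{host}{VERSION_PATH}"
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    ctx = ssl.create_default_context(cafile=cafile)
    opener = urllib.request.build_opener(
        urllib.request.HTTPDigestAuthHandler(mgr),
        urllib.request.HTTPSHandler(context=ctx),
    )
    with opener.open(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def parse_firmware_version(param_list: str) -> Optional[str]:
    """Return the value of root.Properties.Firmware.Version, or None if absent."""
    m = re.search(r"^root\.Properties\.Firmware\.Version=(\S+)\s*$", param_list, re.M)
    return m.group(1) if m else None


def version_tuple(version: str) -> Tuple[int, ...]:
    """'11.9.53' -> (11, 9, 53); extra numeric components are kept."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def assess(version: str, fixed_by_track: Dict[str, str]) -> str:
    """'patched', 'vulnerable', or 'unknown' when the track is not in the table."""
    parts = version_tuple(version)
    if len(parts) < 3:
        return "unknown"
    track = f"{parts[0]}.{parts[1]}"
    fixed = fixed_by_track.get(track)
    if fixed is None:
        # Do not guess across tracks (LTS vs active): read the advisory.
        return "unknown"
    return "patched" if parts >= version_tuple(fixed) else "vulnerable"


def assess_response(param_list: str,
                    fixed_by_track: Dict[str, str] = FIXED_BY_TRACK) -> str:
    """Parse a param.cgi body and return the verdict for its firmware version."""
    version = parse_firmware_version(param_list)
    return "unknown" if version is None else assess(version, fixed_by_track)


if __name__ == "__main__":
    import sys
    # Usage: python check.py <device-ip> <user> <password> [cafile]
    if len(sys.argv) >= 4:
        body = fetch_param_list(sys.argv[1], sys.argv[2], sys.argv[3],
                                cafile=sys.argv[4] if len(sys.argv) > 4 else None)
    else:
        body = SAMPLE_RESPONSE
    print(parse_firmware_version(body), assess_response(body))
```

Run it without arguments to see the verdict for the constructed sample; with a device address and credentials it queries the device. Keep the comparison per track: AXIS OS maintains LTS tracks alongside the active track, so a numerically higher version on a different track says nothing about whether this fix is present.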
📡 Detection & Monitoring
Log Indicators:
- A burst of POST requests to /axis-cgi/mediaclip.cgi from one source, whether they succeed or are rejected
- System log entries indicating memory exhaustion or device crashes
Network Indicators:
- High volume of HTTP POST requests to mediaclip.cgi endpoint from single source
- Unusual traffic patterns to Axis device management interfaces
SIEM Query:
source="axis_device" AND (uri_path="/axis-cgi/mediaclip.cgi" AND http_method="POST") | stats count by src_ip
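The same detection as the SIEM query, run offline over sample events, as an added example (not code from this page or from Axis). It counts POSTs to mediaclip.cgi per source in a sliding time window and reports when a source first crosses the threshold, so a slow trickle from a VMS is not confused with a burst. The JSON-lines records are constructed, and the field names (ts, src_ip, http_method, uri_path, status) are an assumption modelled on the SIEM query, not an Axis log format; the query strings in the sample are illustrative.

```python
"""Sliding-window detector for bursts of POSTs to mediaclip.cgi.

Added example, not code from the page or from Axis. Input is newline-delimited
JSON with the field names used by the SIEM query (src_ip, http_method,
uri_path) plus ts and status; the records below are constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, Iterator, Tuple

TARGET_PATH = "/axis-cgi/mediaclip.cgi"

# Constructed sample: six POSTs from 198.51.100.7 inside 45 seconds (the last
# two rejected), two POSTs from 192.0.2.10 three minutes apart, one
# unauthenticated attempt from 203.0.113.5, and unrelated GET traffic.
SAMPLE_LOG = """\
{"ts": "2024-10-01T10:00:00Z", "src_ip": "198.51.100.7", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 200}
{"ts": "2024-10-01T10:00:03Z", "src_ip": "198.51.100.7", "http_method": "GET", "uri_path": "/axis-cgi/param.cgi?action=list", "status": 200}
{"ts": "2024-10-01T10:00:05Z", "src_ip": "198.51.100.7", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 200}
{"ts": "2024-10-01T10:00:10Z", "src_ip": "192.0.2.10", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi", "status": 200}
{"ts": "2024-10-01T10:00:12Z", "src_ip": "198.51.100.7", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 200}
{"ts": "2024-10-01T10:00:20Z", "src_ip": "198.51.100.7", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 200}
{"ts": "2024-10-01T10:00:33Z", "src_ip": "198.51.100.7", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 500}
{"ts": "2024-10-01T10:00:45Z", "src_ip": "198.51.100.7", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 500}
{"ts": "2024-10-01T10:03:00Z", "src_ip": "192.0.2.10", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi", "status": 200}
{"ts": "2024-10-01T10:03:30Z", "src_ip": "203.0.113.5", "http_method": "POST", "uri_path": "/axis-cgi/mediaclip.cgi?action=upload", "status": 401}
"""


def parse_events(lines: Iterable[str]) -> Iterator[Tuple[datetime, str, int]]:
    """Yield (timestamp, src_ip, status) for every POST to mediaclip.cgi."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        path = rec["uri_path"].split("?", 1)[0]  # ignore the query string
        if rec["http_method"].upper() != "POST" or path != TARGET_PATH:
            continue
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        yield ts, rec["src_ip"], int(rec.get("status", 0))


def flag_bursts(events: Iterable[Tuple[datetime, str, int]], threshold: int = 5,
                window: timedelta = timedelta(seconds=60)) -> Dict[str, datetime]:
    """Return {src_ip: time at which `threshold` POSTs fell inside `window`}.

    Rejected requests (4xx/5xx) are counted too: the page's indicator is the
    request volume, and a 401 burst is still a probe worth seeing.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: Dict[str, datetime] = {}
    for ts, src, _status in sorted(events, key=lambda e: e[0]):
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def detect(log_text: str, threshold: int = 5, window_seconds: int = 60) -> Dict[str, str]:
    """Convenience wrapper over a log file's text: {src_ip: ISO time flagged}."""
    hits = flag_bursts(parse_events(log_text.splitlines()), threshold,
                       timedelta(seconds=window_seconds))
    return {ip: ts.isoformat() for ip, ts in hits.items()}


if __name__ == "__main__":
    for ip, when in detect(SAMPLE_LOG).items():
        print(f"burst of mediaclip.cgi POSTs from {ip} at {when}")
```

Tune threshold and window to your environment: a VMS or audio-scheduling integration may legitimately upload clips, so baseline its rate first and alert on sources that exceed it, or exclude its address rather than raising the global threshold.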