Cyber Resilience

CVE-2024-47261

Medium

Published: 08 April 2025

Published
08 April 2025
Modified
14 January 2026
KEV Added
Patch
CVSS Score v3.1 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score 0.0016 36.9th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47261 is a medium-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in Axis Axis Os. Its CVSS base score is 4.3 (Medium).

Operationally, ranked at the 36.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access to create image overlays in the web…

more

interface of the Axis device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

axis
axis os
10.12.0 — 12.3.56
axis
axis os 2022
≤ 10.12.276
axis
axis os 2024
≤ 11.11.141

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References