Overview
Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers risk of exposure. Axis cannot guarantee that products and services are free from flaws that may be exploited for malicious attacks.
Contact information
If you identify a security vulnerability in an Axis product or service, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
End-users, partners, vendors, industry groups and independent researchers that have identified a potential risk are encouraged to contact via email to product-security@axis.com. You are welcome to use our public PGP key to encrypt sensetive content.
Note: product-security@axis.com will only respond to possible product vulnerabilities. For general questions and requests contact: Technical support: www.axis.com/support
General: www.axis.com/contact-us
News update
2018-04-13 Security Announcement ACV-128401. Axis recommends to patch affected models
2017-12-01 Security Advisory for ACV-120444 Axis CGI parser published. Latest firmware patches this vulnerability.
2017-11-28 Security Advisory for CVE-2016-2147/48 (Busybox/DHCP) and CVE-2016-6255/CVE-2016-8863 (UPnP)
2017-07-10 Security Advisory for ACV-116267 ("Devil's Ivy"). List of affected products
Security Advisory
- ACV-128401 ( Announcement)
- ACV-120444 Axis CGI parser
- CVE-2016-6255 UPnP
- CVE-2016-2147/48 Busybox/DHCP
- ACV-116267 (CVE-2017-9765)
- SECLISTS-1703-41-Multiple_Vulnerabilities
- Cross-Site Request Forgery
- Axis SSID Remote Format String
- CVE-2015-7547 glibc getaddrinfo
- CVE-2015-0235 Ghost - Get Host by name
- CVE-2014-6271 Shellshock
- CVE-2014-3566 SSL-Poodle
- CVE-2014-1030 VU680244-XSS
- CVE-2014-0224 OpenSSL MITM
- CVE-2014-0160 Heartbleed
Cybersecurity
We have 100% focus on cyber security, and we’re doing everything in our power to mitigate its risks.