Product Security

Contact information

Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers' risk of exposure, but cannot guarantee that products and solutions are free from flaws that may be exploited for malicious attacks. Therefore, we monitor known vulnerabilities, referred to as CVEs (Common Vulnerabilities and Exposures).

Those that affect our products & solutions will be patched as part of regular firmware/software updates. CVEs that Axis identifies as critical or caused by Axis will be prioritized and often announced with a Security Advisory.

Vulnerabilities in Axis products & solutions

If you have discovered a new vulnerability in our product firmware, you are encouraged to submit your discovery via email to product-security@axis.com. Sensitive content can be encrypted using our public PGP key. Note that Axis does not operate any bug bounty programs; however, we credit the person responsible for the discovery.

Vulnerabilities in Axis web services

Should your discovery pertain to an exploit or vulnerability related to the Axis web or related web services, please contact it-security@axis.com. Note that Axis does not operate any bug bounty programs; however, we credit the person responsible for the discovery.

News update

2021-10-05 An external research team has found several flaws (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) in functionalities used within the built-in event-system of AXIS OS-capable devices. All vulnerabilities were found by Andrea Palanca from Nozomi Network Inc.

2021-08-23 An external research team has found a shortcoming in AXIS Device Manager's handling of device credentials stored in RAM. Read the Axis Security Advisory for more information. The vulnerability was discovered by Ben Leonard-Lagarde and Freddie Sibley-Calder from Modux Limited.

2020-04-08 Axis Communications has been approved as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) for Axis products, authorizing our company to assign and publish CVE IDs to vulnerabilities in our products. Sebastian Hultqvist, Global Product Manager at Axis Communications commented, “Being recognised as a CNA is a testament to our ongoing work and underscores Axis’ vulnerability management and security best practices.” Read the full press release here.

2020-07-31 An internal software security audit discovered a flaw in the protection against device tampering (known as Secure Boot) in AXIS W800 and AXIS S3008. Read the Axis Security Advisory for more information.

2020-06-22 Published Common remarks from security scanning tools to assist customers in making a risk analysis of the results from a security scan.

2020-03-19 An internal software security audit discovered a flaw in the protection for device tampering (known as Secure Boot) in AXIS Q3527-LVE and AXIS A8207-VE MkII. Read the Axis Security Advisory for more information.

2019-09-23 A researcher has discovered that ONVIF devices exposing WS Discovery (port 3207) to the Internet are susceptible to being exploited for a Distributed Denial-of-Service (DDoS) attack. Read the Axis Security Advisory for more information.

Subscribe to the Axis Security Advisory Notification email to be notified if a critical vulnerability occurs in Axis products and solutions. Click here to subscribe.

Security Advisories & Vulnerability Archive

The vulnerability archive transparently lists both OpenSource and Axis vulnerabilities that have been brought to our attention. The purpose of the archive is to proactively raise awareness and communicate about vulnerabilities that have been analyzed, mainly for AXIS OS-capable products but also for other Axis products and solutions. Security Advisories issued by Axis can also be found there and are attached to the specific CVE number entry.

Axis Vulnerabilities

Please visit the Axis-specific section of the vulnerability archive here to get more information about vulnerabilities specific for Axis products & solutions.

OpenSource Vulnerabilities

Please visit the OpenSource-specific section of the vulnerability archive here to get more information about vulnerabilities caused by OpenSource components that are used in Axis products and their firmware.
