Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers risk of exposure. Axis cannot guarantee that products and services are free from flaws that may be exploited for malicious attacks.
If you identify a security vulnerability in an Axis product or service, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
End-users, partners, vendors, industry groups and independent researchers that have identified a potential risk are encouraged to contact via email to email@example.com. You are welcome to use our public PGP key to encrypt sensitive content.
Vulnerabilities discovered on Axis web (or related web services) should be sent to firstname.lastname@example.org.
2020-03-19 An internal software security audit discovered a flaw in the protection for device tampering (known as Secure Boot) in AXIS Q3527-LVE and AXIS A8207-VE MkII. Read the Axis Security Advisory for more information
2019-09-23 A researcher has discovered that ONVIF devices exposing WS Discovery (port 3207) to Internet are susceptible to be exploited for a Distributed Denial-Of-Service (DDOS) attack. Read Axis Security Advisory for more information.
Subscribe to Axis Security Advisory Notification email to receive notifications if a critical vulnerability would occur in Axis products and solutions. Click here to subscribe.
- ACV-165813 (Secure boot)
- ONVIF / WS Discovery DDoS
- ACV-147453 (AXIS A1001)
- ACV-120444 Axis CGI parser
- CVE-2016-6255 UPnP
- CVE-2016-2147/48 Busybox/DHCP
- ACV-116267 (CVE-2017-9765)
- Cross-Site Request Forgery
- Axis SSID Remote Format String
- CVE-2015-7547 glibc getaddrinfo
- CVE-2015-0235 Ghost - Get Host by name
- CVE-2014-6271 Shellshock
- CVE-2014-3566 SSL-Poodle
- CVE-2014-1030 VU680244-XSS
- CVE-2014-0224 OpenSSL MITM
- CVE-2014-0160 Heartbleed
Subscribe to stay secure!
Get notified when we find vulnerabilities in Axis products and solutions.
We have 100% focus on cyber security, and we’re doing everything in our power to mitigate its risks.