Product Security

Overview

Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers risk of exposure. Axis cannot guarantee that products and services are free from flaws that may be exploited for malicious attacks.

Contact information

If you identify a security vulnerability in an Axis product or service, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats. 

End-users, partners, vendors, industry groups and independent researchers that have identified a potential risk are encouraged to contact via email to product-security@axis.com. You are welcome to use our public PGP key to encrypt sensetive content.

Note: product-security@axis.com will only respond to possible product vulnerabilities. For general questions and requests contact: Technical support: www.axis.com/support 

General: www.axis.com/contact-us

News update

2017-12-01 Security Advisory for ACV-120444 Axis CGI parser published.  Latest firmware includes patchese for these vulnerabilities.

2017-11-28 Security Advisory for CVE-2016-2147/48 (Busybox/DHCP) and CVE-2016-6255/CVE-2016-8863 (UPnP) published.  Latest firmware includes patchese for these vulnerabilities.

2017-07-18 Technical background behind ACV-116267 ("Devil's Ivy") has been published by the 3:rd party here. Patched firmware is available for all affected products in the firmware download section.

2017-07-10 Published advisory for vulnerability ACV-116267 ("Devil's Ivy") .  Patched firmware for affected products is available at firmware download.  The 3:rd party organization that discovered the vulnerability will publish a report and CVE on July 18, instead of July 10 which was previously announced.

2017-07-07 Announcement of critical vulnerability ACV-116267

2017-06-22 Whitepaper  Cybersecurity Concepts & Terminology published.

2017-05-10 AXIS Academy Cybersecurity online course is now available.
(Login to My AXIS account is required)

2017-05-02: AXIS Vulnerability Policy updated with new layout and clarifications.

2017-04-12: AXIS Camera Hardening Guide updated with adjusted recommendations, structure and helpful content.