Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers risk of exposure. Axis cannot guarantee that products and services are free from flaws that may be exploited for malicious attacks.
Announcement (July 18, 2017): Critical vulnerability ACV-116267 ("Devil's Ivy")
Recently a third party discovered a critical vulnerability in Axis products and published a report on July 18th which can be read here. Axis has released a Security Advisory regarding ACV-116267 (which includes a listing of all affected models) and patched firmware for all affected models is available on the firmware download page.
As a precaution, Axis recommends patching affected products in a controlled manner. The vulnerability, which is hard to exploit, does not pose any immediate risk if products are protected by a firewall.
If you identify a security vulnerability in an Axis product or service, please report the problem immediately. Timely identification of security vulnerabilities is critical to eliminating potential threats.
End-users, partners, vendors, industry groups and independent researchers that have identified a potential risk are encouraged to contact via email to firstname.lastname@example.org. You are welcome to use our public PGP key to encrypt sensetive content.
2017-07-10 Published advisory for vulnerability ACV-116267 ("Devil's Ivy") . Patched firmware for affected products is available at firmware download. The 3:rd party organization that discovered the vulnerability will publish a report and CVE on July 18, instead of July 10 which was previously announced.
2017-07-07 Announcement of critical vulnerability ACV-116267
2017-06-22 Whitepaper Cybersecurity Concepts & Terminology published.
2017-05-10 AXIS Academy Cybersecurity online course is now available.
(Login to My AXIS account is required)
2017-05-02: AXIS Vulnerability Policy updated with new layout and clarifications.
2017-04-12: AXIS Camera Hardening Guide updated with adjusted recommendations, structure and helpful content.
- ACV-120444 Axis CGI parser
- CVE-2016-6255 UPnP
- CVE-2016-2147/48 Busybox/DHCP
- ACV-116267 (CVE-2017-9765)
- Cross-Site Request Forgery
- Axis SSID Remote Format String
- CVE-2015-7547 glibc getaddrinfo
- CVE-2015-0235 Ghost - Get Host by name
- CVE-2014-6271 Shellshock
- CVE-2014-3566 SSL-Poodle
- CVE-2014-1030 VU680244-XSS
- CVE-2014-0224 OpenSSL MITM
- CVE-2014-0160 Heartbleed
We have 100% focus on cyber security, and we’re doing everything in our power to mitigate its risks.