cvedb.io
CVE-2015-8257
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2017-05-02T14:59:00.177 · Last modified 2026-06-17T00:34:13.537

Summary

The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.

Affected products

axis — network_camera_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when axis ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.