Resolved issues in Axis Powered by Genetec A1610 (11.4.1504.0 & 11.8.0.2) - Axis Powered by Genetec

Axis Powered by Genetec Release Notes for A1610 (11.4.1504.0 & 11.8.0.2)

Product: Axis Powered by Genetec
Content type: Release notes
Language: English
Last updated: 2023-10-17

The following issues are resolved for Axis Powered by Genetec A1610 (11.4.1504.0 & 11.8.0.2).

| Issue | Description |
| --- | --- |
| 3415650 | A vulnerability (CVE-2023-21413) was discovered on Axis Powered by Genetec network door controllers. The flaw allows remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection, allowing an attacker to run arbitrary code. |
| 3338570 | A vulnerability (CVE-2022-37436) was reported on Apache HTTP Server 2.4.54 used by Axis Powered by Genetec network door controllers. Before Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client. |