A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attackerĀ to block access to the guard tour configuration page in the web interface of the Axis device.
The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
There are multiple ways in which this weakness can be introduced, including: