Axis ≫ Camera Station Pro

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.

The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version f...

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected...