Axis: >> Camera Station Pro >> 6.0.25729 Security Vulnerabilities
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-10
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-10
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-02-10
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
CVSS Score
5.7
EPSS Score
0.0
Published
2025-08-12
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
CVSS Score
9.0
EPSS Score
0.023
Published
2025-07-11
The communication protocol used between the
server process and the service control had a flaw that could lead to a local privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-07-11
The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-07-11
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-04-23
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-04-23
Page 1