Axis: >> Camera Station Pro >> 6.8.43790 Security Vulnerabilities
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-10
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-10
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-02-10
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
CVSS Score
5.7
EPSS Score
0.0
Published
2025-08-12
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
CVSS Score
9.0
EPSS Score
0.023
Published
2025-07-11
The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-07-11