Skip to main content

Camera Station Pro CVE-2024-7696

MEDIUM
Improper Output Neutralization for Logs (CWE-117)
2025-01-07 product-security@axis.com
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:02 vuln.today
CVE Published
Jan 07, 2025 - 06:15 nvd
MEDIUM 6.3

DescriptionCVE.org

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

AnalysisAI

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-117. Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. Affected products include: Axis Camera Station Pro.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-30026 CRITICAL
9.8 Jul 11

CVE-2025-30026 is a critical authentication bypass vulnerability in AXIS Camera Station Server that allows unauthenticat

CVE-2025-30023 CRITICAL
9.0 Jul 11

CVE-2025-30023 is a critical remote code execution vulnerability in a client-server communication protocol that allows a

CVE-2025-30025 HIGH
7.8 Jul 11

CVE-2025-30025 is a local privilege escalation vulnerability in the inter-process communication (IPC) protocol between a

CVE-2025-11547 HIGH
7.8 Feb 10

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. [CV

CVE-2025-1056 MEDIUM
6.1 Apr 23

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the

CVE-2025-0926 MEDIUM
5.9 Apr 23

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to

CVE-2025-12063 MEDIUM
5.7 Feb 10

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the

CVE-2025-12757 MEDIUM
4.6 Feb 10

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are n

CVE-2025-13064 MEDIUM
4.5 Feb 10

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script w

CVE-2025-7622 MEDIUM
5.1 Aug 12

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated

Share

CVE-2024-7696 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy