Camera Station Pro
CVE-2024-7696
MEDIUM
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
2DescriptionCVE.org
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
AnalysisAI
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-117. Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. Affected products include: Axis Camera Station Pro.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Camera Station Pro
View allCVE-2025-30026 is a critical authentication bypass vulnerability in AXIS Camera Station Server that allows unauthenticat
CVE-2025-30023 is a critical remote code execution vulnerability in a client-server communication protocol that allows a
CVE-2025-30025 is a local privilege escalation vulnerability in the inter-process communication (IPC) protocol between a
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. [CV
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are n
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script w
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated
Same weakness CWE-117 – Improper Output Neutralization for Logs
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today