Vendor
Axis Communications Ab
Products
3
CVEs
18
Across products
18
Status
Private
Products
3- 11 CVEs
- 6 CVEs
- 1 CVE
Recent CVEs
18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-30023 | 0.01 | — | 0.07 | Jul 11, 2025 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. | ||
| CVE-2025-12063 | 0.00 | — | 0.00 | Feb 10, 2026 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | ||
| CVE-2025-12757 | 0.00 | — | 0.00 | Feb 10, 2026 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | ||
| CVE-2025-13064 | 0.00 | — | 0.00 | Feb 10, 2026 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with. | ||
| CVE-2025-11547 | 0.00 | — | 0.00 | Feb 10, 2026 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | ||
| CVE-2025-7622 | 0.00 | — | 0.00 | Aug 12, 2025 | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. | ||
| CVE-2025-30026 | 0.00 | — | 0.00 | Jul 11, 2025 | The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required. | ||
| CVE-2025-30025 | 0.00 | — | 0.00 | Jul 11, 2025 | The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. | ||
| CVE-2025-0926 | 0.00 | — | 0.00 | Apr 23, 2025 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||
| CVE-2025-1056 | 0.00 | — | 0.00 | Apr 23, 2025 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||
| CVE-2024-7696 | 0.00 | — | 0.00 | Jan 7, 2025 | Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||
| CVE-2023-21412 | 0.00 | — | 0.00 | Aug 3, 2023 | User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. | ||
| CVE-2023-21411 | 0.00 | — | 0.00 | Aug 3, 2023 | User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. | ||
| CVE-2023-21410 | 0.00 | — | 0.00 | Aug 3, 2023 | User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. | ||
| CVE-2023-21409 | 0.00 | — | 0.00 | Aug 3, 2023 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | ||
| CVE-2023-21408 | 0.00 | — | 0.00 | Aug 3, 2023 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | ||
| CVE-2023-21407 | 0.00 | — | 0.00 | Aug 3, 2023 | A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | ||
| CVE-2022-23410 | 0.00 | — | 0.01 | Feb 14, 2022 | AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. |