CVE-2024-7696

Medium CVSS: 6.3

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.

Vendor

Axis

Product

Camera Station Pro

CWE

CWE-117

Yayın Tarihi

2025-01-07 06:15:17

Güncelleme

2025-10-10 14:27:04

Source Identifier

product-security@axis.com

KEV Date Added

Kategoriler

CWE-117 Camera Station Pro MEDIUM Axis 2025

Referanslar

https://www.axis.com/dam/public/b3/53/03/cve-2024-7696-en-US-459552.pdf

Benzer Kayıtlar

Medium

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the…

Medium

CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are n…

Medium

CVE-2025-13064

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script w…

High

CVE-2025-11547

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

High

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio…

Medium

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privileg…