{"id":2146,"date":"2025-08-07T05:55:32","date_gmt":"2025-08-07T05:55:32","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/08\/07\/bhusa-security-researchers-uncover-critical-flaws-in-axis-cctv-software\/"},"modified":"2025-08-07T05:55:32","modified_gmt":"2025-08-07T05:55:32","slug":"bhusa-security-researchers-uncover-critical-flaws-in-axis-cctv-software","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/08\/07\/bhusa-security-researchers-uncover-critical-flaws-in-axis-cctv-software\/","title":{"rendered":"#BHUSA: Security Researchers Uncover Critical Flaws in Axis CCTV Software"},"content":{"rendered":"<div id=\"cphContent_pnlMainContent\">\n<h2>Written by<\/h2>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/a7d280e2-8cd7-47a1-ba33-0ae2a304849f.png?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Kevin Poireault\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-048dae2e-2f7f-4618-bd47-a9da7184b2bd\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Thousands of organizations could be vulnerable to attack after researchers discovered four vulnerabilities, one of them rated critical, in the products of Axis Communications, a leading manufacturer of CCTV cameras and surveillance equipment.<\/p>\n<p>OT security firm Claroty and its research branch, Team82, shared the findings at Black Hat USA in Las Vegas on August 6.<\/p>\n<h2><strong>Flaws in Axis Proprietary Client-Server Communication Protocol<\/strong><\/h2>\n<p>Team82 researcher Noam Moshe discovered the vulnerabilities, all of which originate from a fundamental flaw in Axis.Remoting, a proprietary communication protocol used between client applications and Axis\u2019 servers.<\/p>\n<p>Upon discovery, Team82 notified Axis Communications, which publicly reported them \u2013 the manufacturer is a certified Common Vulnerabilities 
and Exposures (CVE) Numbering Authority (CNA).<\/p>\n<p>They are tracked as follows:<\/p>\n<ul>\n<li>CVE-2025-30023. A critical flaw (CVSS score: 9) affecting Axis Camera Station Pro before version 6.9, Axis Camera Station before version 5.58 and Axis Device Manager before version 5.32 that could allow an authenticated user to achieve remote code execution (RCE)<\/li>\n<li>CVE-2025-30024. A medium-severity flaw (CVSS score: 6.8) affecting Axis Device Manager before version 5.32 that could be leveraged for a man-in-the-middle (MitM) attack<\/li>\n<li>CVE-2025-30025. A medium-severity flaw (CVSS score: 4.8) affecting Axis Camera Station version 5, Axis Camera Station Pro before version 6.7 and Axis Device Manager before version 5.32 that could lead to local privilege escalation<\/li>\n<li>CVE-2025-30026. A medium-severity flaw (CVSS score: 5.3) affecting Axis Camera Station before version 5.58 and Axis Camera Station Pro before version 6.9 that could allow an authentication bypass<\/li>\n<\/ul>\n<p>The manufacturer stated in its advisories that it had observed no in-the-wild exploitation of any of the four flaws.<\/p>\n<p>It released fixes in the following software updates:<\/p>\n<ul>\n<li>Axis Camera Station Pro 6.9<\/li>\n<li>Axis Camera Station 5.58<\/li>\n<li>Axis Device Manager 5.32<\/li>\n<\/ul>\n<p>Despite public disclosure, the CVE entries still appear under \u2018Reserved\u2019 status on the CVE program website, suggesting that more information will be made available after the Team82 session at Black Hat, which is to be held on August 6.<\/p>\n<p>On the US National Vulnerability Database (NVD) website, the four vulnerabilities are registered under the status \u2018Awaiting Analysis,\u2019 which typically means that the NVD team has not yet added any enriched data (such as CVSS vectors, CWE mappings or CPE product identifiers) for these flaws.<\/p>\n<\/p><\/div>\n<figure id=\"layout-0f5af9be-485a-4376-976b-b2cc06c4142d\" data-layout-id=\"4\" 
data-edit-folder-name=\"image\" data-index=\"1\"><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/localimages\/4d387d80-14bf-4894-989f-aacddf73943d.png\" alt=\"The Axis Camera Station software allows users to view the camera feed of multiple Axis cameras. Source: Team82, Claroty\"><figcaption>The Axis Camera Station software allows users to view the camera feed of multiple Axis cameras. Source: Team82, Claroty<\/figcaption><\/figure>\n<div id=\"layout-7723fa80-c710-4647-b46f-2d734b9c0e83\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"2\">\n<h2><strong>6,500 Axis Communications Servers Exposed<\/strong><\/h2>\n<p>Although no exploitation has been reported, the Team82 researchers found more than 6,500 servers exposing this protocol and its services to the internet, more than half of them (almost 4,000) in the US. The figure comes from an internet scan using search engines such as Censys and Shodan.<\/p>\n<p>\u201cEach of these servers could potentially manage hundreds or thousands of individual cameras. 
Given current bans on Chinese technology in many corners of the world, an organization\u2019s choice of vendors has become somewhat limited, putting more emphasis on the protection of platforms available for these deployments,\u201d the researchers added.<\/p>\n<p>Team82 developed an exploit chain that targets vulnerabilities in the Axis.Remoting communication protocol.<\/p>\n<p>According to their findings, the attack enables unauthorized access to both the centralized Axis Device Manager and the Axis Camera Station.<\/p>\n<p>Successful exploitation of these vulnerabilities could allow an attacker to infiltrate an internal network and execute code remotely on either the server or client systems.<\/p>\n<p>Additionally, Team82 highlighted that an attacker positioned as a MitM could exploit a pass-the-request flaw in the protocol, potentially decrypting traffic and achieving remote code execution.<\/p>\n<\/p><\/div>\n<figure id=\"layout-1d567b98-3002-4cea-bea4-6e86da0d63ab\" data-layout-id=\"4\" data-edit-folder-name=\"image\" data-index=\"3\"><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/localimages\/02c24e06-6a72-41f1-8444-75763455bcb2.png\" alt=\"Man-in-the-Middle (MiTM) setup in an Axis.Remoting environment that allows an attacker to MiTM a connection between a client and an application. Source: Team82, Claroty\"><figcaption>Man-in-the-Middle (MiTM) setup in an Axis.Remoting environment that allows an attacker to MiTM a connection between a client and an application. Source: Team82, Claroty<\/figcaption><\/figure>\n<div id=\"layout-a181c53f-7f82-4d24-aa61-7afc3ee63632\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"4\">\n<p>They also warned that by scanning the internet for exposed Axis.Remoting services, an attacker could identify vulnerable servers and clients, facilitating precise and targeted attacks.<\/p>\n<p>\u201cTeam 82 wishes to acknowledge Axis Communications\u2019 quick response to our disclosure. 
They accepted our disclosure report and worked on the patches and updates in a timely fashion,\u201d read the report.<\/p>\n<p><em>Photo credits:\u00a0Fredrik Eriksson \/ ChristianLphoto \/ Shutterstock.com<\/em><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Written by Thousands of organizations could be vulnerable to attack after researchers discovered four critical vulnerabilities in the products of Axis Communications, a leading manufacturer of CCTV cameras and surveillance equipment. OT security firm Claroty and its research branch, Team82, shared findings at Black Hat USA, in Las Vegas, on August 6. Flaws in Axis<\/p>\n","protected":false},"author":2,"featured_media":2147,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2
146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2146-7cefd704-24a9-4a08-a62d-9904bd5a64fc-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2146"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2146\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2147"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2146"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
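The affected-version list above is the practical takeaway for a defender: which installs of Axis Camera Station, Axis Camera Station Pro and Axis Device Manager still need the 6.9 / 5.58 / 5.32 updates. The following triage helper is an added example and is not code from Team82, Claroty or Axis. It encodes the version boundaries exactly as the article states them, compares versions numerically rather than as strings (a naive string compare would rank "5.58" below "5.7"), and reports which CVEs apply to each host in an inventory. The product name strings, the dotted-numeric version format and the sample inventory rows are assumptions; a real inventory would come from an asset database or from a registry/WMI query on each Windows server.

```python
"""Triage helper: map installed Axis software versions to the four CVEs.

Added example, not Team82's, Claroty's or Axis's code. The affected/fixed
version boundaries follow the advisory summary in the article; product
name strings, the dotted-numeric version format and the inventory rows
are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable

# Assumed product labels as they would appear in an inventory.
ACS_PRO = "Axis Camera Station Pro"
ACS = "Axis Camera Station"
ADM = "Axis Device Manager"

Predicate = Callable[[tuple], bool]


def parse_version(s: str) -> tuple:
    """Turn '5.58' into (5, 58) so that 5.58 > 5.7 compares numerically.

    Comparing raw strings gets this wrong: '5.58' < '5.7' lexicographically,
    which would mark an unpatched 5.7 install as newer than the 5.58 fix.
    """
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)


def before(fixed: str) -> Predicate:
    """Predicate: installed version is strictly lower than the fixed release."""
    fixed_v = parse_version(fixed)
    return lambda v: v < fixed_v


def major_is(major: int) -> Predicate:
    """Predicate for 'version 5' style statements that name no fixed release."""
    return lambda v: v[0] == major


@dataclass(frozen=True)
class Advisory:
    cve: str
    cvss: float
    impact: str
    affected: dict  # product label -> predicate over a parsed version


ADVISORIES = [
    Advisory("CVE-2025-30023", 9.0, "authenticated RCE",
             {ACS_PRO: before("6.9"), ACS: before("5.58"), ADM: before("5.32")}),
    Advisory("CVE-2025-30024", 6.8, "man-in-the-middle",
             {ADM: before("5.32")}),
    # The article says 'Axis Camera Station version 5' for this one and names
    # no fixed 5.x release, so every 5.x install is flagged for it.
    Advisory("CVE-2025-30025", 4.8, "local privilege escalation",
             {ACS: major_is(5), ACS_PRO: before("6.7"), ADM: before("5.32")}),
    Advisory("CVE-2025-30026", 5.3, "authentication bypass",
             {ACS: before("5.58"), ACS_PRO: before("6.9")}),
]


def applicable_cves(product: str, version: str) -> list:
    """Return the CVE IDs whose affected range covers this product/version."""
    v = parse_version(version)
    return [a.cve for a in ADVISORIES
            if product in a.affected and a.affected[product](v)]


def triage(inventory: list) -> dict:
    """inventory rows are (host, product, version); returns host -> CVE list.

    Hosts with no applicable CVE are omitted, so the result is a patch list.
    """
    result = {}
    for host, product, version in inventory:
        cves = applicable_cves(product, version)
        if cves:
            result[host] = cves
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vms-01", ACS_PRO, "6.8"),   # below 6.9 but not below 6.7
    ("vms-02", ACS_PRO, "6.9"),   # patched
    ("vms-03", ACS, "5.7"),       # numerically below 5.58
    ("vms-04", ACS, "5.58"),      # fixed for 30023/30026, still a 5.x build
    ("adm-01", ADM, "5.31"),      # one release short of the 5.32 fix
    ("adm-02", ADM, "5.32"),      # patched
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```

The predicates are deliberately per-product: the same CVE has a different fixed release in Camera Station (5.58) and Camera Station Pro (6.9), so a single "fixed version" field would misclassify one of them.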