Numerous organizations may be at risk following the revelation of four significant vulnerabilities in the products manufactured by Axis Communications, a prominent provider of CCTV cameras and surveillance technology.
Security firm Claroty, along with its research wing, Team82, unveiled these critical findings during the Black Hat USA conference in Las Vegas on August 6.
Inherent Flaws in Proprietary Communication Protocol
The vulnerabilities, identified by Team82 researcher Noam Moshe, stem from a fundamental defect within Axis.Remoting, a proprietary protocol governing communication between client applications and Axis’s servers.
Upon their discovery, Team82 promptly informed Axis Communications, which subsequently made the vulnerabilities public, an action facilitated by its status as a certified Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).
The vulnerabilities are catalogued as follows:
- CVE-2025-30023: A critical issue (CVSS score: 9) impacting Axis Camera Station Pro prior to version 6.9, Axis Camera Station prior to version 5.58, and Axis Device Manager prior to version 5.32, potentially enabling an authenticated user to carry out a remote code execution (RCE) attack.
- CVE-2025-30024: A medium-severity flaw (CVSS score: 6.8) in Axis Device Manager before version 5.32, which could be exploited to conduct a man-in-the-middle (MitM) attack.
- CVE-2025-30025: A medium-severity issue (CVSS score: 4.8) affecting Axis Camera Station version 5, Axis Camera Station Pro prior to version 6.7, and Axis Device Manager before version 5.32, potentially leading to local privilege escalation.
- CVE-2025-30026: A medium-severity vulnerability (CVSS score: 5.3) impacting Axis Camera Station prior to version 5.58 and Axis Camera Station Pro before version 6.9, which could facilitate an authentication bypass attack.
Axis Communications stated that to date, no incidents of these vulnerabilities being exploited in real-world scenarios have been documented.
Moreover, the company has released remedial patches incorporated into the following software updates:
- Axis Camera Station Pro 6.9
- Axis Camera Station 5.58
- Axis Device Manager 5.32
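As an added example (not part of the original article or of Axis's advisory), the affected-version list above can be turned into a triage check over a deployment inventory. The hostnames and versions are constructed sample data, and versions are compared numerically so that 5.9 is treated as older than 5.58.

```python
# Added example: triage an inventory against the affected versions listed above.

def parse_version(text, width=4):
    """'5.9' -> (5, 9, 0, 0). Numeric parts, so 5.9 sorts below 5.58."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))[:width]

def before(limit):
    """Predicate: installed version is strictly older than `limit`."""
    bound = parse_version(limit)
    return lambda v: v < bound

def any_5x(v):
    # The list gives no upper bound for Camera Station "version 5", so every
    # 5.x release is flagged here (assumption; confirm with the vendor advisory).
    return v[0] == 5

ACS_PRO = "Axis Camera Station Pro"
ACS = "Axis Camera Station"
ADM = "Axis Device Manager"

# CVE -> {product: predicate over the parsed version}, as worded in the list above.
RULES = {
    "CVE-2025-30023": {ACS_PRO: before("6.9"), ACS: before("5.58"), ADM: before("5.32")},
    "CVE-2025-30024": {ADM: before("5.32")},
    "CVE-2025-30025": {ACS: any_5x, ACS_PRO: before("6.7"), ADM: before("5.32")},
    "CVE-2025-30026": {ACS: before("5.58"), ACS_PRO: before("6.9")},
}

def applicable_cves(product, version):
    v = parse_version(version)
    return sorted(cve for cve, products in RULES.items()
                  if product in products and products[product](v))

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("vms-01", ACS_PRO, "6.8"),
    ("vms-02", ACS, "5.9"),
    ("mgmt-01", ADM, "5.32"),
    ("vms-03", ACS_PRO, "6.9.1"),
]

def triage(inventory):
    return {host: applicable_cves(product, version)
            for host, product, version in inventory}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        print(host, ", ".join(cves) or "no listed CVE applies")
```

A plain string comparison would rank "5.9" above "5.58" and miss vms-02, which is why the versions are parsed into integer tuples first.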
Despite this public disclosure, the CVE entries remain under the ‘Reserved’ status on the CVE program website, indicating that further information is expected after Team82’s presentation at Black Hat on August 6.
On the U.S. National Vulnerability Database (NVD) website, these vulnerabilities are recorded as ‘Awaiting Analysis,’ suggesting that the NVD team has yet to enrich the data available concerning these issues.
6,500 Axis Communications Servers Vulnerable
Despite the absence of confirmed exploitation cases, researchers at Team82 uncovered over 6,500 servers exposing this protocol to the internet, with close to 4,000 of these located in the United States. This finding emerged from an internet scan conducted using tools such as Censys and Shodan.
“Each of these servers might manage hundreds or even thousands of cameras. Given the current constraints on Chinese technology globally, the selection of vendors is increasingly restricted, thereby heightening the importance of securing platforms available for deployment,” noted the researchers.
Team82 has crafted an exploit chain to target vulnerabilities within the Axis.Remoting communication protocol.
Their findings suggest that successful exploitation would grant unauthorized access to both the centralized Axis Device Manager and the Axis Camera Station.
In the event of a successful breach, an attacker could infiltrate the internal network and execute code remotely on either server or client systems.
Furthermore, Team82 emphasized that an attacker acting as a MitM could utilize a pass-the-request flaw in the protocol, which may allow for decryption of traffic and potential remote code execution.
They additionally cautioned that scanning the internet for exposed Axis.Remoting services could empower attackers to identify vulnerable servers and clients, enabling precise and methodical attacks.
“Team82 acknowledges Axis Communications’ prompt response to our findings. They have accepted our disclosure report and worked diligently on necessary patches and updates,” the report stated.
Source link: Infosecurity-magazine.com.