Primary

Context

Axis Communications AXIS Camera Station Pro Insecure Direct Object Reference Vulnerability Allowing Unauthorized Data Modification or Deletion

Vulnerability

A vulnerability exists in AXIS Camera Station Pro versions prior to 6.14, allowing non-admin users to modify or delete certain data objects without the necessary permissions. This issue is due to an insecure direct object reference that bypasses authorization controls.

Impact

Exploitation of this vulnerability could lead to unauthorized modification or deletion of data objects by non-admin users.

Remediation

Users are advised to update AXIS Camera Station Pro to version 6.14, where this vulnerability has been addressed. The latest version can be obtained from the Axis Vulnerability Management Portal. For further assistance, contact Axis Technical Support.

Added: Feb 10, 2026, 8:15 AM

Updated: Feb 10, 2026, 8:15 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Axis Communications AXIS Camera Station Pro Insecure Direct Object Reference Vulnerability Allowing Unauthorized Data Modification or Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating