Primary

Context

Axis Products Remote Code Execution Vulnerability via Flawed Communication Protocol

Vulnerability

Patched

A remote code execution vulnerability has been identified in several Axis products, including AXIS Camera Station Pro versions prior to 6.9, AXIS Camera Station versions prior to 5.58, and AXIS Device Manager versions prior to 5.32. The vulnerability arises from a flaw in the communication protocol between client and server, allowing an authenticated user to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Axis has released patches for this vulnerability. Users are advised to update to AXIS Camera Station Pro 6.9, AXIS Camera Station 5.58, or AXIS Device Manager 5.32. The latest versions can be found on the Axis website or through Axis Technical Support.

Added: Jul 11, 2025, 6:24 AM

Updated: Jul 11, 2025, 6:24 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.3

threat

0.1

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.3

threat

0.1

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Axis Products Remote Code Execution Vulnerability via Flawed Communication Protocol

Vulnerability

Impact

Remediation

Affected Products

Axis Device Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating