CVE-2024-6831

Summary

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected Software

VendorProductVersion RangeStatus
Axis Communications ABAXIS Camera Station Pro<6.4affected
Axis Communications ABAXIS Camera Station<5.57.33556affected

Weaknesses

  • CWE-602: CWE-602: Client-Side Enforcement of Server-Side Security

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References