Client-Side Only Check Allowing Unauthorized View Editing and Removal
CVE-2024-6831

4.4MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Camera Station Pro; Axis Camera Station
Vendor: CVE Published:; 26 November 2024

Summary

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Affected Version(s)

AXIS Camera Station <5.57.33556

AXIS Camera Station Pro <6.4

References

https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Jul 17, 2024