CVE-2024-6749

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.3MEDIUM
EPSS
0.0%
top 87.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Axis Communications AB Axis Camera StationAxis Communications AB Axis Camera Station PRO
Timeline
PublishedNov 26

Description

Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 2.0 | Impact: 3.7

Affected Packages2 packages

CVEListV5axis_communications_ab/axis_camera_station5.25 - 5.57.27610

🔴Vulnerability Details

2
GHSA
GHSA-w87w-8cvj-w7xf: Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on t2024-11-26
CVEList
CVE-2024-6749: Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on t2024-11-26
CVE-2024-6749 (MEDIUM CVSS 6.3) | Seth Fogie | cvebase.io