
CyberWire Daily A look behind the lens. [Research Saturday]
Oct 25, 2025

Noam Moshe, Vulnerability Research Team Lead at Claroty, dives into alarming findings regarding vulnerabilities in Axis.Remoting. He reveals how attackers can exploit these flaws, which enable remote code execution on vital surveillance systems. With over 6,500 exposed Axis services, more than half in the U.S., the discussion highlights significant security risks to managed camera fleets. Noam emphasizes the importance of timely patching and vigilance, warning against solely relying on encryption for security.
AI Snips
Central Servers Control Camera Fleets
- Axis provides enterprise-grade centralized servers (Device Manager, Camera Station) to manage thousands of IP cameras.
- Compromise of these central servers yields control over both network access and all managed camera feeds.
Closed Protocols Can Hide Critical Flaws
- Axis implemented a proprietary Axis.Remoting protocol for client-server communication that looks secure but is closed-source.
- Hidden protocol flaws can allow pre-auth remote code execution despite encryption and authentication.
NTLM Enables Pass-The-Challenge Exploits
- Axis used NTLM SSP challenge-response for authentication inside Axis.Remoting.
- NTLM is susceptible to pass-the-challenge man-in-the-middle attacks that can let an attacker inject messages after authentication.
