Turning Camera Surveillance on its Axis

Team82 disclosed four vulnerabilities in Axis Communications' proprietary Axis.Remoting protocol that together allow authentication bypass and pre-authentication remote code execution against Axis Device Manager and Axis Camera Station; the research demonstrates MiTM and NTLM pass-the-challenge techniques, unsafe .NET JSON deserialization (TypeNameHandling.Auto) leading to RCE, and an unauthenticated HTTP fallback endpoint enabling preauth compromise. The chain can yield NT AUTHORITY\SYSTEM on servers, permit installation of malicious packages to compromise managed cameras, and Team82 identified over 6,500 internet-exposed Axis.Remoting instances; Axis has released patches and reports no known public exploitation.