Live View Axis Patched <90% High-Quality>

| Vulnerability Type | Technical Breakdown | | :--- | :--- | | | A deserialization vulnerability in the communication protocol between client and server systems allows attackers to specify arbitrary object types during deserialization by crafting malicious JSON payloads containing $type fields | | Authentication Bypass (CVE-2025-30026) | A hidden fallback HTTP endpoint beginning with "_/" bypasses the standard Negotiate authentication scheme, allowing anonymous access to Axis.Remoting services | | Man-in-the-Middle (MiTM) Vulnerability | The Axis.Remoting protocol uses self-signed certificates without proper validation, making it possible for attackers to intercept and decrypt Axis.Remoting requests and responses | | Improper Data Handling | Improper handling of complex data types during deserialization makes it possible to execute arbitrary code on both servers and clients via remote procedure calls |