Enable Multi-Factor Authentication (MFA) if the hardware supports it. Restrict Network Access Disable universal plug-and-play (UPnP) on your router. Do not expose camera ports directly to the public internet.

The issue extends far beyond isolated instances of exposed cameras. In August 2025, researchers from Claroty's Team82 uncovered four severe vulnerabilities in Axis Communications' video surveillance systems, affecting Axis Device Manager (ADM) and Axis Camera Station (ACS). The vulnerabilities involve Axis's proprietary Axis.Remoting communication protocol and allow unauthenticated remote code execution on affected systems. The exploitation chain could enable attackers to hijack, view, or disable live camera feeds. As the researchers explained, "attackers can leverage these exploit chains to access the centralised Axis Device Manager server used by organisations to manage their fleets of Axis devices, as well as the Axis Camera Station, software allowing end-users to access and consume camera feeds in a centralised location."

Change default credentials immediately upon installation. Use unique, complex passwords for every device.

When an Axis camera is configured to allow unauthenticated access—either deliberately or through oversight—anyone who knows the camera's IP address can view the live stream. The camera's web server streams a sequence of JPEG images over HTTP, and the browser displays them as a continuous video feed. On modern Axis cameras, the recommended method of accessing Motion JPEG video requires the AXIS Media Control (AMC) plugin in Windows, but the direct MJPEG path remains available for developers and integrators to access camera data. For many Python developers, the axis_camera driver provides basic functionality for accessing an MJPG stream and controlling PTZ (pan-tilt-zoom) cameras, which has further simplified the process of integrating Axis cameras into custom applications.

Attackers use this query to: