PT-2025-47470 · Axel Technology · StreamerMAX MK II

Published: 2025-11-19 · Updated: 2025-11-24 · CVE-2025-63223

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Axel Technology StreamerMAX MK II versions 0.8.5 through 1.0.3

Description: The software contains a Broken Access Control issue because of missing authentication. This affects the /cgi-bin/gstFcgi.fcgi API endpoint. An unauthenticated remote attacker can list user accounts, create new administrative users, delete users, and modify system settings, potentially leading to full device compromise.

Recommendations: Update firmware to a version later than 1.0.3.

Exploit

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2025-63223

Affected Products: StreamerMAX MK II