
New vulnerabilities discovered in Axis cameras

Reference: Advisory #2018-021
Version: 1.0
Affected software: 390 different types of Axis cameras (https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf)
CVE/CVSS:
CVE: CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663 and CVE-2018-10664
CVSS: Unknown at this time

Type:
CVE-2018-10658 - Crashing the /bin/ssid process
CVE-2018-10659 - Crashing the /bin/ssid process
CVE-2018-10660 - Shell command injection vulnerability
CVE-2018-10661 - Authorization bypass vulnerability
CVE-2018-10662 - Unrestricted dbus access for users of the .srv functionality
CVE-2018-10663 - Information leakage vulnerability in the /bin/ssid process
CVE-2018-10664 - Crashing the httpd process

Sources

https://www.bleepingcomputer.com/news/security/vendor-patches-seven-vuln...
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilit...
https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf

Risks

By exploiting three of the seven newly discovered vulnerabilities in a specific sequence, an attacker with network access to the camera can remotely execute shell commands with root privileges. This can lead to at least the following:
• Access to the camera’s video stream
• Freeze the camera’s video stream
• Control the camera – move the lens to the desired point, turn motion detection on/off
• Add the camera to a botnet
• Alter the camera’s software
• Use the camera as an infiltration point into a network (performing lateral movement)
• Render the camera useless
• Use the camera to perform other nefarious tasks (DDoS attacks, Bitcoin mining, others)

Description

A complete POC (proof of concept) article is available on https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilit...

Recommended Actions

CERT.be recommends that users always keep their systems up to date. It is also recommended to segregate CCTV cameras from the main network and to avoid connecting them to the public Internet.
Axis has released new firmware, which can be downloaded at:
https://www.axis.com/support/firmware

More Information

https://www.bleepingcomputer.com/news/security/vendor-patches-seven-vuln...
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilit...
https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf
https://www.axis.com/support/firmware