CVE-2025-5126

🗓️ 24 May 2025 15:00:10Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 55 Views🌐 WEB

Critical vulnerability in FLIR AX8 allows remote command injection via setDataTime function.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-5126	24 May 202515:09	–	circl
CNNVD	Teledyne FLIR AX8 命令注入漏洞	24 May 202500:00	–	cnnvd
Cvelist	CVE-2025-5126 Teledyne FLIR AX8 settingsregional.php setDataTime command injection	24 May 202515:00	–	cvelist
EUVD	EUVD-2025-16221	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5126	24 May 202515:15	–	nvd
Positive Technologies	PT-2025-22841 · Flir · Flir Ax8	24 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5126	26 May 202519:32	–	redhatcve
Tenable Nessus	FLIR Systems AX8 Cameras Command Injection (CVE-2025-5126)	19 Feb 202600:00	–	nessus
Vulnrichment	CVE-2025-5126 Teledyne FLIR AX8 settingsregional.php setDataTime command injection	24 May 202515:00	–	vulnrichment

NVD

Vulners

Node

flir flir_ax8_firmwareRange1.46.0–1.46.16

AND

flir flir_ax8Match-

[
  {
    "vendor": "Teledyne FLIR",
    "product": "AX8",
    "versions": [
      {
        "version": "1.46.0",
        "status": "affected"
      },
      {
        "version": "1.46.1",
        "status": "affected"
      },
      {
        "version": "1.46.2",
        "status": "affected"
      },
      {
        "version": "1.46.3",
        "status": "affected"
      },
      {
        "version": "1.46.4",
        "status": "affected"
      },
      {
        "version": "1.46.5",
        "status": "affected"
      },
      {
        "version": "1.46.6",
        "status": "affected"
      },
      {
        "version": "1.46.7",
        "status": "affected"
      },
      {
        "version": "1.46.8",
        "status": "affected"
      },
      {
        "version": "1.46.9",
        "status": "affected"
      },
      {
        "version": "1.46.10",
        "status": "affected"
      },
      {
        "version": "1.46.11",
        "status": "affected"
      },
      {
        "version": "1.46.12",
        "status": "affected"
      },
      {
        "version": "1.46.13",
        "status": "affected"
      },
      {
        "version": "1.46.14",
        "status": "affected"
      },
      {
        "version": "1.46.15",
        "status": "affected"
      },
      {
        "version": "1.46.16",
        "status": "affected"
      },
      {
        "version": "1.49.16",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/YZS17/CVE/blob/main/Remote%20Command%20Injection%20in%20parameter%20%24hour.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/YZS17/CVE/blob/main/Remote%20Command%20Injection%20in%20parameter%20%24minute.md

Parameter	Position	Path	Description	CWE
year	query param	/usr/www/application/models/settingsregional.php	Remote command injection via setDataTime in settingsregional.php allows manipulation of time components to execute arbitrary commands.	CWE-74, CWE-77
month	query param	/usr/www/application/models/settingsregional.php	Remote command injection via setDataTime in settingsregional.php allows manipulation of time components to execute arbitrary commands.	CWE-74, CWE-77
day	query param	/usr/www/application/models/settingsregional.php	Remote command injection via setDataTime in settingsregional.php allows manipulation of time components to execute arbitrary commands.	CWE-74, CWE-77
hour	query param	/usr/www/application/models/settingsregional.php	Remote command injection via setDataTime in settingsregional.php allows manipulation of time components to execute arbitrary commands.	CWE-74, CWE-77
minute	query param	/usr/www/application/models/settingsregional.php	Remote command injection via setDataTime in settingsregional.php allows manipulation of time components to execute arbitrary commands.	CWE-74, CWE-77

15 Oct 2025 14:15Current

8.3High risk

Vulners AI Score8.3

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.1095

SSVC