FLIR Systems AX8 Cameras Missing Authentication for Critical Function (CVE-2022-37062)

Published: 19 Feb 2026 00:00:00 | Reported by: Tenable | Type: nessus | Source: www.tenable.com

FLIR AX8 insecure design allows unauthenticated access to the user database; fixed in firmware 1.49.16.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities | 22 Aug 2022 00:00 | zdt |
| ATTACKERKB | CVE-2022-37061 | 18 Aug 2022 00:00 | attackerkb |
| Circl | CVE-2022-37062 | 18 Aug 2022 22:29 | circl |
| CNNVD | Teledyne FLIR AX8 Access Control Error Vulnerability | 18 Aug 2022 00:00 | cnnvd |
| CVE | CVE-2022-37062 | 18 Aug 2022 17:05 | cve |
| Cvelist | CVE-2022-37062 | 18 Aug 2022 17:05 | cvelist |
| EUVD | EUVD-2022-39715 | 3 Oct 2025 20:07 | euvd |
| NVD | CVE-2022-37062 | 18 Aug 2022 18:15 | nvd |
| Packet Storm | FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS | 19 Aug 2022 00:00 | packetstorm |
| Prion | Design/Logic Flaw | 18 Aug 2022 18:15 | prion |

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(505193);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/21");

  script_cve_id("CVE-2022-37062");

  script_name(english:"FLIR Systems AX8 Cameras Missing Authentication for Critical Function (CVE-2022-37062)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"All FLIR AX8 thermal sensor cameras version up to and including
1.46.16 are affected by an insecure design vulnerability due to an
improper directory access restriction. An unauthenticated, remote
attacker can exploit this by sending a URI that contains the path of
the SQLite users database and download it. A successful exploit could
allow the attacker to extract usernames and hashed passwords. NOTE:
The vendor has stated that with the introduction of firmware version
1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the
vulnerability reported. Latest firmware version (as of Oct 2025, was
released Jun 2024) is 1.55.16.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# script_set_attribute(attribute:"see_also", value:"https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899");
  script_set_attribute(attribute:"see_also", value:"https://www.flir.com/products/ax8-automation/");
# script_set_attribute(attribute:"see_also", value:"https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899");
  script_set_attribute(attribute:"see_also", value:"https://www.flir.com/products/ax8-automation/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-37062");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(306);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:flir:flir_ax8_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/FLIRSystems");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/FLIRSystems');

var asset = tenable_ot::assets::get(vendor:'FLIRSystems');

var vuln_cpes = {
    "cpe:/o:flir:flir_ax8_firmware" :
        {"versionEndIncluding" : "1.46.16", "family" : "AX8Cameras"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Scores (current as of 21 Apr 2026 00:00):
Vulners AI Score: 7 (High risk)
CVSS 3.1: 7.5
EPSS: 0.00761