Lucene search
K

FLIR Systems AX8 Cameras Incorrect Privilege Assignment (CVE-2024-3013)

🗓️ 19 Feb 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 5 Views

Flir AX8 privilege assignment flaw enables remote improper authorization; upgrade to version 1.49.16.

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNNVD
Teledyne FLIR AX8 授权问题漏洞
28 Mar 202400:00
cnnvd
CVE
CVE-2024-3013
28 Mar 202400:31
cve
Cvelist
CVE-2024-3013 Teledyne FLIR AX8 User Registration test_login.php improper authorization
28 Mar 202400:31
cvelist
EUVD
EUVD-2024-31621
3 Oct 202520:07
euvd
NVD
CVE-2024-3013
28 Mar 202401:15
nvd
OSV
CVE-2024-3013
28 Mar 202401:15
osv
Positive Technologies
PT-2024-23203 · Flir · Flir Ax8
27 Mar 202400:00
ptsecurity
RedhatCVE
CVE-2024-3013
23 May 202510:04
redhatcve
Vulnrichment
CVE-2024-3013 Teledyne FLIR AX8 User Registration test_login.php improper authorization
28 Mar 202400:31
vulnrichment
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(505192);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/20");

  script_cve_id("CVE-2024-3013");

  script_name(english:"FLIR Systems AX8 Cameras Incorrect Privilege Assignment (CVE-2024-3013)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted
element is an unknown function of the file
/tools/test_login.php?action=register of the component User
Registration. Executing manipulation can lead to improper
authorization. The attack may be performed from remote. The exploit
has been published and may be used. Upgrading to version 1.49.16 is
sufficient to resolve this issue. Upgrading the affected component is
recommended. The vendor points out: FLIR AX8 internal web site has
been refactored to be able to handle the reported vulnerabilities.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://vuldb.com/?ctiid.258299");
  script_set_attribute(attribute:"see_also", value:"https://vuldb.com/?id.258299");
  script_set_attribute(attribute:"see_also", value:"https://vuldb.com/?submit.301588");
  script_set_attribute(attribute:"see_also", value:"https://vuldb.com/?ctiid.258299");
  script_set_attribute(attribute:"see_also", value:"https://vuldb.com/?id.258299");
  script_set_attribute(attribute:"see_also", value:"https://vuldb.com/?submit.301588");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-3013");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(266, 285);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:flir:flir_ax8_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/FLIRSystems");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/FLIRSystems');

var asset = tenable_ot::assets::get(vendor:'FLIRSystems');

var vuln_cpes = {
    "cpe:/o:flir:flir_ax8_firmware" :
        {"versionEndIncluding" : "1.46.16", "versionStartIncluding" : "1.46.0", "family" : "AX8Cameras"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Feb 2026 00:00Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.16.3 - 8.8
CVSS 45.3
CVSS 26.5
CVSS 36.3
EPSS0.22987
SSVC
5