Lucene search

[email protected]NVD:CVE-2022-37063

HistoryAug 18, 2022 - 6:15 p.m.

CVE-2022-37063

2022-08-1818:15:08

CWE-79

[email protected]

web.nvd.nist.gov

flir ax8

thermal sensor

xss

input sanitization

web management

exploit

javascript

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

38.9%

JSON

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code.

Affected configurations

Nvd

Node

flirflir_ax8_firmwareRange≤1.46.16

AND

flirflir_ax8Match-

VendorProductVersionCPE
flirflir_ax8_firmware*cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
flirflir_ax8-cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
flir	flir_ax8_firmware	*	cpe:2.3:o:flir:flir_ax8_firmware::::::::
flir	flir_ax8	-	cpe:2.3:h:flir:flir_ax8:-:::::::*

References

packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html

gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899

www.flir.com/products/ax8-automation/