Command injection

2022-12-0815:15:00

PRIOn knowledge base

www.prio-n.com

teledyne flir ax8

command injection

web service handler

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

JSON

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.

CPENameOperatorVersion
flir_ax8_firmwarege1.46.0
flir_ax8_firmwarelt1.46.16

CPE	Name	Operator	Version
	flir_ax8_firmware	ge	1.46.0
	flir_ax8_firmware	lt	1.46.16

References

github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md

vuldb.com/?id.215118