17 matches found
Teledyne FLIR AX8 Command Injection Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A command injection vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from a command injection in the file /usr/www/application/models/subscriptions.php in the component Backend...
Teledyne FLIR AX8 Cross-Site Scripting Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A cross-site scripting vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from a cross-site scripting attack due to the incorrect operation of the parameter cmd in the file...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
FLIR AX8 1.46.16 - Remote Command Injection
Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...
CVE-2024-3013
A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/testlogin.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploi...
Teledyne FLIR AX8 Authorization Issue Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. An authorization issue vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from an improper authorization vulnerability in the file /tools/testlogin.php...
PT-2024-14054 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras up to and including 1.46.16 Description: The issue is related to Directory Traversal due to improper access restriction, allowing an unauthenticated, remote attacker to obtain arbitrary sensitive file contents ...
PT-2024-14053 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 versions up to 1.46.16 Description: A command injection issue exists in the /usr/www/res.php file, allowing attackers to execute arbitrary commands by manipulating the value parameter. Recommendations: For FLIR AX8 versions up to...
CVE-2022-4364
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out...
Teledyne FLIR AX8 OS Command Injection Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A command injection vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from an unknown function in the palette.php file of its Web Service Handler component that operates on the...
PT-2022-26985 · Teledyne Flir · Teledyne Flir Ax8
Name of the Vulnerable Software and Affected Versions: Teledyne FLIR AX8 versions up to 1.46.16 Description: A critical vulnerability has been found in the Web Service Handler component of the affected software. The issue is related to an unknown function of the file palette.php, where the...
VulnCheck KEV: CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow...
FLIR AX8 1.46.16 Remote Command Execution
Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWo...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
PT-2022-23776 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue is related to Directory Traversal due to improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contai...
PT-2022-23778 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue is due to an improper directory access restriction, allowing an unauthenticated, remote attacker to exploit it by sending a URI that contains the path ...
Teledyne FLIR AX8 Cross-Site Scripting Vulnerability
Teledyne FLIR AX8 is a series of thermal surveillance cameras from the US-based Teledyne FLIR. A cross-site scripting vulnerability exists in Teledyne FLIR AX8 versions 1.46.16 and earlier, which stems from its improper sanitization of inputs that allows an authenticated, remote attacker to execu...