Lucene search
+L

13 matches found

nuclei
nuclei
added 5 days ago54 views

FLIR AX8 1.46.16 - Remote Command Injection

FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulnerability.The vulnerability exists in the alarm functionality where user-supplied input in the 'id' parameter is not properly sanitized,allowing attackers to inject and execute arbitrary OS...

9.8CVSS7.2AI score0.99607EPSS
Exploits9References3
exploitdb
exploitdb
added 2025/04/16 12:0 a.m.141 views

FLIR AX8 1.46.16 - Remote Command Injection

Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...

9.8CVSS9.4AI score0.99607EPSS
Exploits9
redhatcve
redhatcve
added 2025/03/31 2:39 p.m.17 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

9.8CVSS9.7AI score0.99607EPSS
Exploits9References1
checkpoint_advisories
checkpoint_advisories
added 2022/11/21 12:0 a.m.89 views

FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)

A command injection vulnerability exists in FLIR AX8 thermal camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

5.6AI score0.99607EPSS
Exploits9
rapid7blog
rapid7blog
added 2022/11/04 7:14 p.m.56 views

Metasploit Weekly Wrap-Up

C is for cookie And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands. This fake computer I just made says...

10CVSS8.2AI score0.99607EPSS
Exploits37
packetstorm
packetstorm
added 2022/11/02 12:0 a.m.389 views

FLIR AX8 1.46.16 Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'FLIR AX8 unauthenticated RCE', 'Description' = %q All FLIR AX8 thermal sensor cameras versions up to and including 1.46.1...

9.8CVSS0.3AI score0.99607EPSS
Exploits9
zdt
zdt
added 2022/11/02 12:0 a.m.335 views

FLIR AX8 1.46.16 Remote Command Injection Exploit

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...

9.8CVSS10AI score0.99607EPSS
Exploits9
metasploit
metasploit
added 2022/11/01 7:49 p.m.241 views

FLIR AX8 unauthenticated RCE

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...

9.8CVSS9.7AI score0.99607EPSS
Exploits9
zdt
zdt
added 2022/08/22 12:0 a.m.610 views

FLIR AX8 1.46.16 Remote Command Execution Exploit

-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46....

9.8CVSS7.9AI score0.99607EPSS
Exploits11
zdt
zdt
added 2022/08/22 12:0 a.m.481 views

FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities

FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities. FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual camera...

9.8CVSS0.6AI score0.99607EPSS
Exploits13
circl
circl
added 2022/08/18 10:26 p.m.39 views

CVE-2022-37061

creationtimestamp| type| source ---|---|--- 2022-08-18 22:26:40+00:00| seen| https://t.me/cibsecurity/48367 2022-11-01 18:06:49+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/flirax8unauthrcecve202237061.rb 2023-06-27 15:16:19+00:00| seen|...

9.8CVSS7.3AI score0.99607EPSS
Exploits9References6
cve
cve
added 2022/08/18 12:0 a.m.306 views

CVE-2022-37061

CVE-2022-37061 – FLIR AX8 RCE vulnerability (up to firmware 1.46.16) : The issue is an unauthenticated remote command injection via the POST parameter id to res.php, allowing an attacker to execute arbitrary shell commands as root. Public reports indicate exploitation in the wild (e.g., Metasploi...

9.8CVSS8.2AI score0.99607EPSS
In wildExploits9References7Affected Software1
attackerkb
attackerkb
added 2022/08/18 12:0 a.m.471 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

9.8CVSS8.8AI score0.99607EPSS
In wildExploits15References8
Rows per page
Query Builder