13 matches found
FLIR AX8 1.46.16 - Remote Command Injection
FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulnerability.The vulnerability exists in the alarm functionality where user-supplied input in the 'id' parameter is not properly sanitized,allowing attackers to inject and execute arbitrary OS...
FLIR AX8 1.46.16 - Remote Command Injection
Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)
A command injection vulnerability exists in FLIR AX8 thermal camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Metasploit Weekly Wrap-Up
C is for cookie And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands. This fake computer I just made says...
FLIR AX8 1.46.16 Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'FLIR AX8 unauthenticated RCE', 'Description' = %q All FLIR AX8 thermal sensor cameras versions up to and including 1.46.1...
FLIR AX8 1.46.16 Remote Command Injection Exploit
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...
FLIR AX8 unauthenticated RCE
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...
FLIR AX8 1.46.16 Remote Command Execution Exploit
-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46....
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities. FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual camera...
CVE-2022-37061
creationtimestamp| type| source ---|---|--- 2022-08-18 22:26:40+00:00| seen| https://t.me/cibsecurity/48367 2022-11-01 18:06:49+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/flirax8unauthrcecve202237061.rb 2023-06-27 15:16:19+00:00| seen|...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
CVE-2022-37061
CVE-2022-37061 – FLIR AX8 RCE vulnerability (up to firmware 1.46.16) : The issue is an unauthenticated remote command injection via the POST parameter id to res.php, allowing an attacker to execute arbitrary shell commands as root. Public reports indicate exploitation in the wild (e.g., Metasploi...