3 matches found
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities. FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual camera...
CVE-2022-37063
The connected sources confirm CVE-2022-37063 affects Teledyne FLIR AX8 thermal sensor cameras up to version 1.46.16, due to improper input sanitization that enables authenticated remote XSS in the web management interface. Successful exploits can execute arbitrary JavaScript in the victim’s brows...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...