FLIR Systems AX8 Cameras Path Traversal (CVE-2023-51127)

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. NOTE...

FLIR Systems AX8 Cameras OS Command Injection (CVE-2022-37061)

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

FLIR Systems AX8 Cameras Command Injection (CVE-2025-5126)

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

CVE-2017-20215

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complet...

PT-2026-1670

Name of the Vulnerable Software and Affected Versions FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Description The FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection issues in the controllerFlirSystem.php script. Attackers...

CVE-2017-20215 FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Authenticated OS Command Injection

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complet...

CVE-2017-20215

CVE-2017-20215 concerns FLIR Thermal Camera FC-S/PT firmware v8.0.0.64 which contains an authenticated OS command injection vulnerability. The underlying issue arises from unvalidated input parameters, enabling an authenticated attacker to execute shell commands with root privileges and gain comp...

CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Hard-Coded SSH Credentials Vulnerability

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...

CVE-2017-20212

The CVE-2017-20212 entry concerns FLIR Thermal Camera F/FC/PT/D firmware 8.0.0.64. Affected component: the web application path /var/www/data/controllers/api/xml.php, where readFile() reads local files without authentication. Root cause: unverified input parameters allow information disclosure. I...

CVE-2017-20212 FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...