exploitDog

GHSA-2hjm-52g5-36gm

Опубликовано: 08 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 6.2

Описание

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

Ссылки

EPSS

Процентиль: 52%

0.00288

Низкий

8.7 High

CVSS4

6.2 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-20212

CVSS3: 6.2

nvd

около 1 месяца назад

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.

EPSS

Процентиль: 52%

0.00288

Низкий

8.7 High

CVSS4

6.2 Medium

CVSS3

CVE ID

Дефекты

CWE-22