Описание
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.46.16 (включая)
Одновременно
cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.25929
Средний
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-77
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.
EPSS
Процентиль: 96%
0.25929
Средний
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-77