FLIR AX8 1.46.16 Remote Command Injection
All FLIR AX8 thermal sensor camera versions up to and including 1.46.16
are vulnerable to remote command injection. This can be exploited to
inject and execute arbitrary shell commands as the root user through the
id HTTP POST parameter in the res.php endpoint. This module uses the
vulnerability to upload and execute payloads, gaining root privileges.
https://packetstormsecurity.com/files/169701/flir_ax8_unauth_rce_cve_2022_37061.rb.txt
Wed, 02 Nov 2022 15:04:26 GMT