all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FLIR AX8 1.46.16 Remote Command Injection

Add to bookmarks
Nov. 2, 2022, 3:04 p.m. |

Packet Storm packetstormsecurity.com

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.

command command injection injection

Visit resource

More from packetstormsecurity.com / Packet Storm

Apache Solr Backup/Restore API Remote Code Execution 19 hours ago | packetstormsecurity.com
11.2 apache apache solr api +17
Ubuntu Security Notice USN-6748-1 19 hours ago | packetstormsecurity.com
attack attacker cross-site issue +9
Ubuntu Security Notice USN-6747-1 19 hours ago | packetstormsecurity.com
arbitrary code attacker code denial of service +16
Ubuntu Security Notice USN-6742-2 19 hours ago | packetstormsecurity.com
attacker authentication bluetooth connections +11
Relate Learning And Teaching System SSTI / Remote Code Execution 20 hours ago | packetstormsecurity.com
batch code code execution exam +13
Nginx 1.25.5 Host Header Validation 20 hours ago | packetstormsecurity.com
bug header host malice +2
Red Hat Security Advisory 2024-2033-03 20 hours ago | packetstormsecurity.com
advisory enterprise libreswan linux +5
Red Hat Security Advisory 2024-2011-03 20 hours ago | packetstormsecurity.com
advisory buffer buffer overflow buffer overflow vulnerability +12
Red Hat Security Advisory 2024-2010-03 20 hours ago | packetstormsecurity.com
advisory components crlf injection denial of service +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Systems Administration

@ Peraton | Washington, DC, United States
View on infosec-jobs.com

Android Security Engineer, Public Sector

@ Google | Reston, VA, USA
View on infosec-jobs.com

Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid

@ Black & Veatch | Denver, CO, US
View on infosec-jobs.com

Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)

@ Novo Nordisk | Montes Claros, Minas Gerais, BR
View on infosec-jobs.com

Principal Engineer, Product Security Engineering

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs