FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
Posted by deepcore on September 26, 2017 – 10:59 am
FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.
Post a reply
You must be logged in to post a comment.