FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root
Posted by deepcore on October 16, 2018 – 3:32 pm
The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution.
Post a reply
You must be logged in to post a comment.