Vulnerabilities > Flir
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-10 | CVE-2023-51126 | Command Injection vulnerability in Flir AX8 Firmware Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | 9.8 |
| 2024-01-10 | CVE-2023-51127 | Path Traversal vulnerability in Flir AX8 Firmware 1.46.16 FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. | 7.5 |
| 2023-05-15 | CVE-2023-29861 | Unspecified vulnerability in Flir Dvtel Camera Firmware An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | 9.8 |
| 2022-12-08 | CVE-2022-4364 | OS Command Injection vulnerability in Flir AX8 Firmware A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. | 9.8 |
| 2022-08-18 | CVE-2022-37061 | OS Command Injection vulnerability in Flir AX8 Firmware All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. | 9.8 |
| 2022-08-18 | CVE-2022-37062 | Missing Authentication for Critical Function vulnerability in Flir AX8 Firmware All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. | 7.5 |
| 2022-08-18 | CVE-2022-37063 | Cross-site Scripting vulnerability in Flir AX8 Firmware All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. | 5.4 |
| 2022-08-18 | CVE-2022-37060 | Path Traversal vulnerability in Flir AX8 Firmware FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. | 7.5 |
| 2018-06-28 | CVE-2018-12920 | Information Exposure vulnerability in Flir Brickstream 2300 Firmware Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | 7.5 |
| 2018-01-01 | CVE-2018-3813 | Information Exposure vulnerability in Flir products getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | 9.8 |