| Titel | FLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injection |
|---|
| Beschreibung | The built-in `sendCommand()` function in the production.html page is intended to call the backend `runcmd.sh` script to execute arbitrary commands, with a hardcoded backdoor password. Although this functionality is currently disabled due to server CGI configuration errors, it is essentially a "time bomb" waiting to be activated. |
|---|
| Quelle | ⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/FLIR/Command_Injection_Vulnerability_in_Developer_Backdoor_Page.md |
|---|
| Benutzer | waiwai24 (UID 81637) |
|---|
| Einreichung | 04.07.2025 21:14 (vor 12 Monaten) |
|---|
| Moderieren | 13.07.2025 09:47 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 316276 [Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 runcmd.sh sendCommand cmd erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|