Invia #609551: FLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injectioninformazioni

TitoloFLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injection
DescrizioneThe built-in `sendCommand()` function in the production.html page is intended to call the backend `runcmd.sh` script to execute arbitrary commands, with a hardcoded backdoor password. Although this functionality is currently disabled due to server CGI configuration errors, it is essentially a "time bomb" waiting to be activated.
Fonte⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/FLIR/Command_Injection_Vulnerability_in_Developer_Backdoor_Page.md
Utente
 waiwai24 (UID 81637)
Sottomissione04/07/2025 21:14 (12 mesi fa)
Moderazione13/07/2025 09:47 (9 days later)
StatoAccettato
Voce VulDB316276 [Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 runcmd.sh sendCommand cmd escalationi di privilegi]
Punti19

PrecedenteVisione D'ensembleIl prossimo

Do you know our Splunk app?

Download it now for free!