Submit #55748: FLIR-AX8 palette.php command execution vulnerability
Title | FLIR-AX8 palette.php command execution vulnerability |
---|---|
Description | FLIR AX8 web services have an unauthorized remote code execution vulnerability that allows an attacker to obtain device privileges and execute arbitrary commands with root privileges. Affected versions: firmware version <= v1.46.16, web component version <= v1.0.7.20. In the www directory, palette.php accepts POST requests. If the request contains a palette parameter, the program concatenates its value with `LD_LIBRARY_PATH=/FLIR/usr/lib /FLIR/usr/bin/palette`; if the value contains a command truncator, this results in command injection. |
Source | ⚠️ https:/ |
User | ireading (ID 36553) |
Submission | 2022-12-08 14:18 (1 year ago) |
Moderation | 2022-12-08 15:45 (1 hour later) |
Accepted | Accepted |
VulDB Entry | VDB-215118 |
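
The concatenation pattern from the description, next to a hardened form that validates and quotes the parameter. This is an added illustration, not code from the FLIR firmware or from the submission: the function names and the assumed palette-name format are hypothetical, and only the command prefix comes from the description.

```php
<?php
// Added illustration; not FLIR's code. The command prefix is taken from the
// description above; everything else here is an assumption.
const PALETTE_CMD = 'LD_LIBRARY_PATH=/FLIR/usr/lib /FLIR/usr/bin/palette';

// Pattern the description reports: the request value is concatenated
// straight into a shell command line.
function build_command_unsafe(string $palette): string
{
    return PALETTE_CMD . ' ' . $palette;
}

// Hardened form: accept only a plain palette name, then quote it for the shell.
function build_command_safe(string $palette): ?string
{
    // Assumption: palette names are short and use only [A-Za-z0-9_.-].
    // The first character may not be '-' (option injection), and \z rejects
    // a trailing newline that '$' would let through.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/', $palette)) {
        return null;
    }
    return PALETTE_CMD . ' ' . escapeshellarg($palette);
}

// Constructed sample inputs (not taken from the submission).
$samples = [
    'iron.pal',
    'iron.pal; echo INJECTED',
    "iron.pal\necho INJECTED",
    '-h',
];

foreach ($samples as $value) {
    $safe = build_command_safe($value);
    printf("input:  %s\n", json_encode($value));
    printf("unsafe: %s\n", json_encode(build_command_unsafe($value)));
    printf("safe:   %s\n\n", $safe === null ? 'rejected' : json_encode($safe));
}
```

Only the first sample yields a command in the hardened form; the others are rejected before any shell is involved.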