Submit #55748: FLIR-AX8 palette.php command execution vulnerability info

Title: FLIR-AX8 palette.php command execution vulnerability
Description: FLIR AX8 web services have an unauthorized remote code execution vulnerability that allows an attacker to obtain device privileges and execute arbitrary commands with root privileges. Vulnerability Affected Version: Firmware version <= v1.46.16, Web component version <= v1.0.7.20. In the www directory, the palette.php program receives a POST method request; if there is a palette parameter, the program will concatenate the value of palette with LD_LIBRARY_PATH=/FLIR/usr/lib /FLIR/usr/bin/palette. If the palette value contains a command truncator, it will cause command injection.
Source: https://github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md
User: ireading (ID 36553)
Submission: 2022-12-08 14:18 (1 year ago)
Moderation: 2022-12-08 15:45 (1 hour later)
Accepted
VulDB Entry: VDB-215118
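The concatenation pattern in the description, next to a hardened handler, as an added example: this is not FLIR's code and not taken from the linked write-up. The function names, the palette names in the allow-list, and the sample inputs are assumptions made for illustration; only the command prefix comes from the description.

```php
<?php
// Added illustration, reconstructed from the description only (not vendor source).
const PALETTE_CMD = 'LD_LIBRARY_PATH=/FLIR/usr/lib /FLIR/usr/bin/palette';

// Assumption: valid palette names form a small fixed set. These names are placeholders.
const ALLOWED_PALETTES = ['iron', 'rainbow', 'bw'];

// Pattern described in the submission: the POST value is appended to a shell
// string, so any shell metacharacter in it is interpreted by the shell.
function build_command_vulnerable(string $palette): string
{
    return PALETTE_CMD . ' ' . $palette;
}

// Hardened: exact-match allow-list first, escapeshellarg() as defence in depth.
function build_command_hardened(string $palette): ?string
{
    if (!in_array($palette, ALLOWED_PALETTES, true)) {
        return null;
    }
    return PALETTE_CMD . ' ' . escapeshellarg($palette);
}

// Hypothetical request handler: returns [HTTP status, body] instead of executing,
// so the example runs offline. Authentication is a separate fix and not shown.
function handle_request(array $post): array
{
    if (!isset($post['palette']) || !is_string($post['palette'])) {
        return [400, 'missing palette'];
    }
    $cmd = build_command_hardened($post['palette']);
    if ($cmd === null) {
        // Log the rejection for detection without echoing attacker-controlled bytes.
        error_log('palette.php: rejected palette, length=' . strlen($post['palette']));
        return [400, 'invalid palette'];
    }
    return [200, $cmd]; // on the device, $cmd would be passed to shell_exec() here
}

// Constructed inputs: one valid name, one with a command separator, one with a newline.
foreach (['iron', 'iron; id', "bw\n"] as $value) {
    [$status, $body] = handle_request(['palette' => $value]);
    printf("%-12s -> %d %s\n", json_encode($value), $status, $body);
    printf("  unsafe string would be: %s\n", json_encode(build_command_vulnerable($value)));
}
```

Where the PHP version on the device supports it, passing the program and argument as an array to proc_open() avoids the shell entirely and removes the need for escaping.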
