| 제목 | FLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injection |
|---|
| 설명 | The built-in `sendCommand()` function in the production.html page is intended to call the backend `runcmd.sh` script to execute arbitrary commands, with a hardcoded backdoor password. Although this functionality is currently disabled due to server CGI configuration errors, it is essentially a "time bomb" waiting to be activated. |
|---|
| 원천 | ⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/FLIR/Command_Injection_Vulnerability_in_Developer_Backdoor_Page.md |
|---|
| 사용자 | waiwai24 (UID 81637) |
|---|
| 제출 | 2025. 07. 04. PM 09:14 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 13. AM 09:47 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 316276 [Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 runcmd.sh sendCommand cmd 권한 상승] |
|---|
| 포인트들 | 19 |
|---|