Submeter #609551: FLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injectioninformação

TítuloFLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injection
DescriçãoThe built-in `sendCommand()` function in the production.html page is intended to call the backend `runcmd.sh` script to execute arbitrary commands, with a hardcoded backdoor password. Although this functionality is currently disabled due to server CGI configuration errors, it is essentially a "time bomb" waiting to be activated.
Fonte⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/FLIR/Command_Injection_Vulnerability_in_Developer_Backdoor_Page.md
Utilizador
 waiwai24 (UID 81637)
Submissão04/07/2025 21h14 (há 12 meses)
Moderação13/07/2025 09h47 (9 days later)
EstadoAceite
Entrada VulDB316276 [Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 runcmd.sh sendCommand cmd Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!