CVE-2023-51126

CVSS 9.8 CRITICALEPSS 31.1%CWE-77

Vexday Risk Score

40Attention

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.8EPSS 31.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/risuxx/CVE-2023-51126