CVE-2023-51126

CVSS 9.8 CRITICALEPSS 31.1%CWE-77

Vexday Risk Score

40Atenção

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 31.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 jan 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/risuxx/CVE-2023-51126