CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 3CVE-2022-37060 – FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
https://notcve.org/view.php?id=CVE-2022-37060
18 Aug 2022 — FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. Las cámaras de sensor térmico FLIR AX8, versiones hasta 1.46.16 incluyéndola, son vulnerables a un Salto de Directorio debido a una restricción de acceso inapropiada. Un ... • https://packetstorm.news/files/id/168116 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 8CVE-2022-37061 – FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
https://notcve.org/view.php?id=CVE-2022-37061
18 Aug 2022 — All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges. Todas las cámaras térmicas FLIR AX8 versiones hasta 1.46.16, son vulnerables a una Inyección de Comandos Remotos.... • https://packetstorm.news/files/id/168116 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-12920
https://notcve.org/view.php?id=CVE-2018-12920
28 Jun 2018 — Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. Los dispositivos Brickstream 2300 permiten que los atacantes remotos obtengan información potencialmente sensible mediante una petición directa a los URI basic.html#ipsettings o basic.html#datadelivery. • https://www.seebug.org/vuldb/ssvid-97370 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-3813
https://notcve.org/view.php?id=CVE-2018-3813
01 Jan 2018 — getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. getConfigExportFile.cgi en los dispositivos FLIR Brickstream 2300 en su versión 2.0 4.1.53.166 tiene un control de acceso incorrecto, tal y como se demuestra leyendo los campos AVI_USER_ID y AVI_USER_PASSWORD mediante una petición directa. • http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •