Search
Search Results (26 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5126 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-10-15 | 8.8 High |
| A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 1.49.16 is able to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities." | ||||
| CVE-2024-3013 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-10-15 | 6.3 Medium |
| A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities." | ||||
| CVE-2022-4364 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-10-15 | 7.3 High |
| A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities." | ||||
| CVE-2023-29861 | 1 Flir | 2 Dvtel Camera, Dvtel Camera Firmware | 2025-01-31 | 9.8 Critical |
| An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | ||||
| CVE-2018-3813 | 1 Flir | 6 Brickstream 2300 2d, Brickstream 2300 2d Firmware, Brickstream 2300 3d and 3 more | 2024-11-21 | N/A |
| getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | ||||
| CVE-2018-12920 | 1 Flir | 2 Brickstream 2300, Brickstream 2300 Firmware | 2024-11-21 | 7.5 High |
| Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | ||||