CVE Vulnerability

CVE-2022-37060

FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899 Exploit Mitigation
https://www.flir.com/products/ax8-automation/ Product Vendor Advisory
http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5493.php Third Party Advisory
Configurations

Configuration 1
Information

Published : 2022-08-18 05:15

Updated : 2022-12-12 09:11

NVD link : CVE-2022-37060

Mitre link : CVE-2022-37060

Products Affected
No products.
CWE
CWE-22