CVE-2022-37062 (GCVE-0-2022-37062)
Vulnerability from cvelistv5 – Published: 2022-08-18 17:05 – Updated: 2025-10-17 19:17
VLAI?
Summary
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T19:17:22.903Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.flir.com/products/ax8-automation/",
"refsource": "MISC",
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"name": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"name": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37062",
"datePublished": "2022-08-18T17:05:48.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2025-10-17T19:17:22.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.46.16\", \"matchCriteriaId\": \"585EFD55-2D2F-4488-AE42-6BA5562FB3A6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A4DACB7-0558-4C74-8EDB-39591236ADEE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.\"}, {\"lang\": \"es\", \"value\": \"Todas las c\\u00e1maras de sensor t\\u00e9rmico FLIR AX8, versiones hasta 1.46.16 incluy\\u00e9ndola, est\\u00e1n afectadas por una vulnerabilidad de dise\\u00f1o no seguro debido a una restricci\\u00f3n de acceso al directorio inapropiada. Un atacante remoto no autenticado puede explotar esto mediante el env\\u00edo de un URI que contenga la ruta de la base de datos de usuarios SQLite y descargarla. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante extraer nombres de usuario y contrase\\u00f1as con hash.\"}]",
"id": "CVE-2022-37062",
"lastModified": "2024-11-21T07:14:22.800",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2022-08-18T18:15:08.360",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.flir.com/products/ax8-automation/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.flir.com/products/ax8-automation/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-37062\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-08-18T18:15:08.360\",\"lastModified\":\"2025-10-17T20:15:35.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.\"},{\"lang\":\"es\",\"value\":\"Todas las c\u00e1maras de sensor t\u00e9rmico FLIR AX8, versiones hasta 1.46.16 incluy\u00e9ndola, est\u00e1n afectadas por una vulnerabilidad de dise\u00f1o no seguro debido a una restricci\u00f3n de acceso al directorio inapropiada. Un atacante remoto no autenticado puede explotar esto mediante el env\u00edo de un URI que contenga la ruta de la base de datos de usuarios SQLite y descargarla. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante extraer nombres de usuario y contrase\u00f1as con hash.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.46.16\",\"matchCriteriaId\":\"585EFD55-2D2F-4488-AE42-6BA5562FB3A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A4DACB7-0558-4C74-8EDB-39591236ADEE\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.flir.com/products/ax8-automation/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.flir.com/products/ax8-automation/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Vendor Advisory\"]}]}}"
}
}
GHSA-GGQX-C747-H3G6
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2025-10-17 21:31
VLAI?
Details
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-37062"
],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T18:15:00Z",
"severity": "HIGH"
},
"details": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.",
"id": "GHSA-ggqx-c747-h3g6",
"modified": "2025-10-17T21:31:17Z",
"published": "2022-08-19T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37062"
},
{
"type": "WEB",
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"type": "WEB",
"url": "https://www.flir.com/products/ax8-automation"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2022-37062
Vulnerability from fkie_nvd - Published: 2022-08-18 18:15 - Updated: 2025-10-17 20:15
Severity ?
Summary
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html | Broken Link | |
| cve@mitre.org | https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899 | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://www.flir.com/products/ax8-automation/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.flir.com/products/ax8-automation/ | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flir | flir_ax8_firmware | * | |
| flir | flir_ax8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "585EFD55-2D2F-4488-AE42-6BA5562FB3A6",
"versionEndIncluding": "1.46.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4DACB7-0558-4C74-8EDB-39591236ADEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16."
},
{
"lang": "es",
"value": "Todas las c\u00e1maras de sensor t\u00e9rmico FLIR AX8, versiones hasta 1.46.16 incluy\u00e9ndola, est\u00e1n afectadas por una vulnerabilidad de dise\u00f1o no seguro debido a una restricci\u00f3n de acceso al directorio inapropiada. Un atacante remoto no autenticado puede explotar esto mediante el env\u00edo de un URI que contenga la ruta de la base de datos de usuarios SQLite y descargarla. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante extraer nombres de usuario y contrase\u00f1as con hash."
}
],
"id": "CVE-2022-37062",
"lastModified": "2025-10-17T20:15:35.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-18T18:15:08.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.flir.com/products/ax8-automation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2022-37062
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-37062",
"description": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.",
"id": "GSD-2022-37062"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-37062"
],
"details": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.",
"id": "GSD-2022-37062",
"modified": "2023-12-13T01:19:13.467472Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.flir.com/products/ax8-automation/",
"refsource": "MISC",
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"name": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"name": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.46.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37062"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"name": "https://www.flir.com/products/ax8-automation/",
"refsource": "MISC",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"name": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-26T17:01Z",
"publishedDate": "2022-08-18T18:15Z"
}
}
}
VAR-202208-1429
Vulnerability from variot - Updated: 2023-12-18 11:55All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. FLIR Systems, Inc. of flir ax8 Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. # FLIR AX8 vulnerabilities.
Product description:
The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment.
Summary of the 4 vulnerabilities found / What we were able to find:
- [CVE-2022-37061] - Unauthenticated OS Command Injection.
FLIR AX8 is affected by an unauthenticated remote command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in res.php endpoint.
-
[CVE-2022-37060] - Unauthenticated Directory Traversal.
-
[CVE-2022-37062] - Improper Access Control.
-
[CVE-2022-37063] - Reflected cross-site scripting.
FLIR AX8 is affected by a reflected cross-site scripting (XSS) vulnerability due to an improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.
Step by Step Example (How to Reproduce and verify) the vulnerabilities:
- Unauthenticated Remote Command Injection.
The endpoint /res.php can be called remotely without user authentication as there is no cookie verification Cookie: PHPSESSID=ID to check if the request is legitimate. The second problem is that the POST parameter id can be injected to execute any Linux command. In the example below we create a crafted query that displays the contents of the /etc/shadow file.
The server returns a JSON response containing the contents of the /etc/shadow file. This command injection is due because there no sanitization check on the variable $_POST["id"], line 65, and can therefore take advantage of the shell_exec() function to execute unexpected arbitrary shell commands.
- Unauthenticated Directory Traversal.
The endpoint /download.php can be called remotely without user authentication as there is no cookie verification Cookie: PHPSESSID=ID to check if the request is legitimate. The second problem is that the GET parameter file can be injected with a relative file paths and download any files in the system. In the example below we create a crafted query that download the contents of the /etc/passwd file.
The error is due to the fact that there is no sanitization of the $file_path variable, line 26, when the fopen() function is called, line 39. However a comment in the code, line 24, and the use of the function pathinfo(), line 28, suggests that the developer thought about this problem and therefore created the variable $path_parts which is sanitized. But for some reasons the developer does not use the sanitizer variable $path_parts when the function fopen() is used. Probably an oversight.
- Improper Access Control.
The endpoint /FLIR/db/users.db can be called remotely without user authentication as there is no cookie verification Cookie: PHPSESSID=ID to check if the request is legitimate and let any malicious actor to download the users.db SQLite database.
- Reflected cross-site scripting.
In the settings tab, if a file with a filename that contains JavaScript code is selected via the update firmware file input the JavaScript code will be triggered and executed. In our example, we created a file call
.run
Recommendations for how to fix the 4 vulnerabilities:
- Vulnerability 1: The variable
$_POST["id"], line 65 in the file/FLIR/usr/www/res.php, must be sanitized using the functionintval()and will remove any character other than integer value.escapeshellcmd()andescapeshellarg()must be also used to escapes any characters in a string that might be used to execute arbitrary commands.
More info: https://www.php.net/intval https://www.php.net/manual/en/function.escapeshellcmd https://www.php.net/manual/en/function.escapeshellarg
- Vulnerability 2: The variable
$file_path, line 39 in the file/FLIR/usr/www/download.php, must be sanitized using the functionpathinfo()but also use a hard coded directory path, in case you need to manage several directories set a whitelist of all allowed directories and use multiple conditions.
More info: https://www.php.net/manual/en/function.pathinfo
- Vulnerability 3: Define a whitelist of all directories that a user is allowed to access. This can be added to the Lighttpd server configuration file, in
/etc/lighttpd.conf.
More info: https://www.cyberciti.biz/tips/howto-lighttpd-enable-disable-directory-listing.html
- Vulnerability 4: To protect against filename XSS attack you can use a regex that will parse the filename to leave only numbers and letters.
More info: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
Reference:
https://www.flir.com/products/ax8-automation/
Security researchers:
- [Thomas Knudsen] (https://www.linkedin.com/in/thomasjknudsen)
- [Samy Younsi] (https://www.linkedin.com/in/samy-younsi)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1429",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ax8",
"scope": "lte",
"trust": 1.0,
"vendor": "flir",
"version": "1.46.16"
},
{
"model": "ax8",
"scope": "eq",
"trust": 0.8,
"vendor": "flir",
"version": null
},
{
"model": "ax8",
"scope": null,
"trust": 0.8,
"vendor": "flir",
"version": null
},
{
"model": "ax8",
"scope": "lte",
"trust": 0.8,
"vendor": "flir",
"version": "flir ax8 firmware 1.46.16 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "NVD",
"id": "CVE-2022-37062"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.46.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37062"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samy Younsi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
],
"trust": 0.6
},
"cve": "CVE-2022-37062",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-37062",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-37062",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3377",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. FLIR Systems, Inc. of flir ax8 Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. # FLIR AX8 vulnerabilities. \n\n### Product description:\n\nThe FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment. \n\n\n### Summary of the 4 vulnerabilities found / What we were able to find:\n\n* [CVE-2022-37061] - Unauthenticated OS Command Injection. \n\nFLIR AX8 is affected by an unauthenticated remote command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the `id` HTTP POST parameter in `res.php` endpoint. \n\n* [CVE-2022-37060] - Unauthenticated Directory Traversal. \n\n* [CVE-2022-37062] - Improper Access Control. \n\n* [CVE-2022-37063] - Reflected cross-site scripting. \n\nFLIR AX8 is affected by a reflected cross-site scripting (XSS) vulnerability due to an improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface. \n\n### Step by Step Example (How to Reproduce and verify) the vulnerabilities:\n\n1. Unauthenticated Remote Command Injection. \n\nThe endpoint `/res.php` can be called remotely without user authentication as there is no cookie verification `Cookie: PHPSESSID=ID` to check if the request is legitimate. The second problem is that the POST parameter `id` can be injected to execute any Linux command. In the example below we create a crafted query that displays the contents of the `/etc/shadow` file. \n\nThe server returns a JSON response containing the contents of the `/etc/shadow` file. This command injection is due because there no sanitization check on the variable `$_POST[\"id\"]`, line 65, and can therefore take advantage of the `shell_exec()` function to execute unexpected arbitrary shell commands. \n\n2. Unauthenticated Directory Traversal. \n\nThe endpoint `/download.php` can be called remotely without user authentication as there is no cookie verification `Cookie: PHPSESSID=ID` to check if the request is legitimate. The second problem is that the GET parameter `file` can be injected with a relative file paths and download any files in the system. In the example below we create a crafted query that download the contents of the `/etc/passwd` file. \n\nThe error is due to the fact that there is no sanitization of the `$file_path` variable, line 26, when the `fopen()` function is called, line 39. However a comment in the code, line 24, and the use of the function `pathinfo()`, line 28, suggests that the developer thought about this problem and therefore created the variable `$path_parts` which is sanitized. But for some reasons the developer does not use the sanitizer variable `$path_parts` when the function `fopen()` is used. Probably an oversight. \n\n3. Improper Access Control. \n\nThe endpoint `/FLIR/db/users.db` can be called remotely without user authentication as there is no cookie verification `Cookie: PHPSESSID=ID` to check if the request is legitimate and let any malicious actor to download the `users.db` SQLite database. \n\n4. Reflected cross-site scripting. \n\nIn the settings tab, if a file with a filename that contains JavaScript code is selected via the update firmware file input the JavaScript code will be triggered and executed. In our example, we created a file call \n\n\u003cimg src=x onerror=alert(String.fromCharCode(97,108,101,114,116,40,39,116,101,115,116,39,41,59));\u003e.run\n\n\n### Recommendations for how to fix the 4 vulnerabilities:\n\n* Vulnerability 1: The variable `$_POST[\"id\"]`, line 65 in the file `/FLIR/usr/www/res.php`, must be sanitized using the function `intval()` and will remove any character other than integer value. `escapeshellcmd()` and `escapeshellarg()` must be also used to escapes any characters in a string that might be used to execute arbitrary commands. \n\nMore info: \nhttps://www.php.net/intval\nhttps://www.php.net/manual/en/function.escapeshellcmd\nhttps://www.php.net/manual/en/function.escapeshellarg\n\n\n* Vulnerability 2: The variable `$file_path`, line 39 in the file `/FLIR/usr/www/download.php`, must be sanitized using the function `pathinfo()` but also use a hard coded directory path, in case you need to manage several directories set a whitelist of all allowed directories and use multiple conditions. \n\nMore info:\nhttps://www.php.net/manual/en/function.pathinfo\n\n* Vulnerability 3: Define a whitelist of all directories that a user is allowed to access. This can be added to the Lighttpd server configuration file, in `/etc/lighttpd.conf`. \n\nMore info:\nhttps://www.cyberciti.biz/tips/howto-lighttpd-enable-disable-directory-listing.html\n\n* Vulnerability 4: To protect against filename XSS attack you can use a regex that will parse the filename to leave only numbers and letters. \n\nMore info: \nhttps://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html\n\n### Reference:\nhttps://www.flir.com/products/ax8-automation/\n\n### Security researchers:\n* [Thomas Knudsen] (https://www.linkedin.com/in/thomasjknudsen)\n* [Samy Younsi] (https://www.linkedin.com/in/samy-younsi) \n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "PACKETSTORM",
"id": "168116"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-37062",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "168116",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014924",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2022080059",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3377",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "PACKETSTORM",
"id": "168116"
},
{
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
]
},
"id": "VAR-202208-1429",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2023-12-18T11:55:45.753000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "NVD",
"id": "CVE-2022-37062"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.flir.com/products/ax8-automation/"
},
{
"trust": 2.4,
"url": "https://gist.github.com/nwqda/9e16852ab7827dc62b8e44d6180a6899"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/168116/flir-ax8-1.46.16-traversal-access-control-command-injection-xss.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37062"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37062/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022080059"
},
{
"trust": 0.1,
"url": "https://cheatsheetseries.owasp.org/cheatsheets/cross_site_scripting_prevention_cheat_sheet.html"
},
{
"trust": 0.1,
"url": "https://www.php.net/intval"
},
{
"trust": 0.1,
"url": "https://www.linkedin.com/in/thomasjknudsen)"
},
{
"trust": 0.1,
"url": "https://www.php.net/manual/en/function.pathinfo"
},
{
"trust": 0.1,
"url": "https://www.php.net/manual/en/function.escapeshellcmd"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37061"
},
{
"trust": 0.1,
"url": "https://www.linkedin.com/in/samy-younsi)"
},
{
"trust": 0.1,
"url": "https://www.cyberciti.biz/tips/howto-lighttpd-enable-disable-directory-listing.html"
},
{
"trust": 0.1,
"url": "https://www.php.net/manual/en/function.escapeshellarg"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37063"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "PACKETSTORM",
"id": "168116"
},
{
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"db": "PACKETSTORM",
"id": "168116"
},
{
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"date": "2022-08-19T19:24:22",
"db": "PACKETSTORM",
"id": "168116"
},
{
"date": "2022-08-18T18:15:08.360000",
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-22T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-014924"
},
{
"date": "2022-10-26T17:01:56.470000",
"db": "NVD",
"id": "CVE-2022-37062"
},
{
"date": "2022-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FLIR\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0flir\u00a0ax8\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3377"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…