7.5
CVE-2022-37060
- EPSS 39.51%
- Veröffentlicht 18.08.2022 17:15:08
- Zuletzt bearbeitet 17.10.2025 20:15:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Flir ≫ Flir Ax8 Firmware Version <= 1.46.16
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.51% | 0.971 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.