CVE-2023-51126

EPSS 25.93%
Veröffentlicht 10.01.2024 21:15:09
Zuletzt bearbeitet 17.10.2025 20:15:36
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flir ≫ Flir Ax8 Firmware Version <= 1.46.16

Flir ≫ Flir Ax8 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.93%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://github.com/risuxx/CVE-2023-51126

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-51126

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51126

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51126

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-51126