Vulnerability Details : CVE-2022-37060
FLIR AX8 thermal sensor cameras, firmware versions up to and including 1.46.16, are vulnerable to directory traversal due to improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path.
Vulnerability category: Directory traversal
Products affected by CVE-2022-37060
- cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-37060
- EPSS score: 51.07% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~97% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2022-37060
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2022-37060
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-37060
- https://www.flir.com/products/ax8-automation/
  FLIR AX8 Thermal Imaging Camera For Condition and Safety Monitoring | Teledyne FLIR (Product; Vendor Advisory)
- http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html
  FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5493.php
  Zero Science Lab » FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure (Third Party Advisory)
- https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899
  GitHub gist, page not found at time of indexing (Exploit; Mitigation; Third Party Advisory)