Directory Traversal Vulnerability in FLIR AX8 Thermal Sensor Cameras
CVE-2022-37060

7.5HIGH

Key Information:

Vendor: Flir
Status: Flir Ax8 Firmware
Vendor: CVE Published:; 18 August 2022

What is CVE-2022-37060?

The FLIR AX8 thermal sensor cameras, specifically versions up to and including 1.46.16, have a vulnerability that allows directory traversal. This occurs due to inadequate access restrictions, enabling an unauthenticated remote attacker to exploit the device by crafting a URI that includes directory traversal characters. This exploitation can lead to the disclosure of sensitive files located outside the server's designated restricted path, posing a significant risk to system integrity and confidentiality.

References

https://www.flir.com/products/ax8-automation/

https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180...

http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46...

EPSS Score

39% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2022
Vulnerability Reserved
Aug 1, 2022

JSON

Flir

What is CVE-2022-37060?

References

EPSS Score

CVSS V3.1

Timeline