Encryption Vulnerability in Teledyne FLIR M300
CVE-2023-46294

Currently unrated

Key Information:

Vendor: Teledyne FLIR
Vendor: CVE Published:; 1 May 2024

🔔 Create Teledyne FLIR Vulnerability Alert

What is CVE-2023-46294?

An encryption vulnerability exists within the Teledyne FLIR M300, which affects version 2.00-19. This issue stems from the local encryption of user account passwords that can be decrypted into cleartext using the utility umSetup. The utility requires root permissions for execution, posing a significant security risk if unauthorized users gain access to root privileges. This vulnerability highlights the need for improved password handling and encryption protocols to safeguard user data against unauthorized access, thereby enhancing the overall security of the system.

References

https://Loudmouth.io

https://gitlab.com/loudmouth-security/vulnerability-discl...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Oct 21, 2023