Unauthenticated Remote Code Execution in Teledyne FLIR M300
CVE-2023-46295

Currently unrated

Key Information:

Vendor: Teledyne FLIR
Vendor: CVE Published:; 1 May 2024

🔔 Create Teledyne FLIR Vulnerability Alert

What is CVE-2023-46295?

A vulnerability exists in the Teledyne FLIR M300 that allows unauthenticated remote code execution via the vulnerable web server. This issue can be exploited by an attacker who sends a specially crafted POST request to a PHP page, potentially leading to escalation of privileges to root permissions using Sudo commands. This flaw poses significant security risks, enabling unauthorized parties to execute arbitrary code and gain control over the affected system.

References

https://gitlab.com/loudmouth-security/vulnerability-discl...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Oct 21, 2023