Unauthenticated Remote Code Execution in Teledyne FLIR M300
CVE-2023-46295

9.8CRITICAL

Key Information:

Vendor: Teledyne FLIR
Vendor: CVE Published:; 1 May 2024

🔔 Create Teledyne FLIR Vulnerability Alert

What is CVE-2023-46295?

A vulnerability exists in the Teledyne FLIR M300 that allows unauthenticated remote code execution via the vulnerable web server. This issue can be exploited by an attacker who sends a specially crafted POST request to a PHP page, potentially leading to escalation of privileges to root permissions using Sudo commands. This flaw poses significant security risks, enabling unauthorized parties to execute arbitrary code and gain control over the affected system.

References

https://gitlab.com/loudmouth-security/vulnerability-discl...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Oct 21, 2023

CVE-2023-46295 Data

JSON