Directory Traversal Vulnerability in FLIR AX8 Thermal Sensor Cameras
CVE-2023-51127

7.5HIGH

Key Information:

Vendor: FLIR Systems
Status: Flir Ax8 Firmware
Vendor: CVE Published:; 10 January 2024

🔔 Create FLIR Systems Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-51127?

The FLIR AX8 thermal sensor cameras, up to and including version 1.46.16, exhibit a vulnerable state due to flawed access restrictions, enabling directory traversal attacks. This vulnerability permits unauthenticated remote attackers to exploit the system by uploading a carefully crafted symbolic link file. Consequently, attackers can gain unauthorized access to sensitive files, posing significant security risks to the device and its data integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-51127
Created by risuxx

References

https://github.com/risuxx/CVE-2023-51127

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2024
🟡
Public PoC available
Jan 2, 2024
👾
Exploit known to exist
Jan 2, 2024
Vulnerability Reserved
Dec 18, 2023

JSON