Improper Authorization Vulnerability in FLIR AX8 Thermal Cameras
CVE-2024-3013

5.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 28 March 2024

Badges

👾 Exploit Exists

What is CVE-2024-3013?

An improper authorization vulnerability exists in the FLIR AX8 thermal camera system affecting versions prior to 1.46.16. This flaw stems from a weakness in the user registration component located in /tools/test_login.php?action=register, allowing unauthorized users to register accounts without proper validation. As a result, attackers can potentially gain access to sensitive information and functionalities remotely. The vulnerability has been publicly disclosed, raising significant concerns regarding the security of the affected devices. Users of the FLIR AX8 are urged to review their security posture and consider applying necessary updates or mitigating measures.
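For triage, the sketch below scans web access logs for requests to the registration component named above. It is an added example, not code from FLIR or the CVE record, and it assumes the camera is reached through a reverse proxy that writes combined-format logs; the sample lines are constructed.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Path and parameter come from the CVE description; everything else is assumed.
COMPONENT = "/tools/test_login.php"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_register_request(target):
    """True when a request target reaches the component with action=register."""
    raw_path, _, query = target.partition("?")
    # Decode and normalise so encoded or padded paths compare equal.
    path = posixpath.normpath(re.sub(r"/+", "/", unquote(raw_path))).lower()
    actions = parse_qs(query).get("action", [])
    return path == COMPONENT and any(a.lower() == "register" for a in actions)

def scan(lines):
    """Return (ip, timestamp, method, status) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_register_request(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def hits_per_client(hits):
    """Count matching requests per source address for triage."""
    return Counter(ip for ip, _ts, _method, _status in hits)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Apr/2024:10:15:01 +0000] "GET /tools/test_login.php?action=register HTTP/1.1" 200 41 "-" "curl/8.0"',
    '192.0.2.10 - - [02/Apr/2024:10:16:44 +0000] "GET /login/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Apr/2024:10:17:09 +0000] "POST //tools/./test_login.php?x=1&action=%72egister HTTP/1.1" 200 41 "-" "curl/8.0"',
    '203.0.113.5 - - [02/Apr/2024:10:18:30 +0000] "GET /tools/test_login.php?action=other HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, ts, method, status in found:
        print(f"{ts} {ip} {method} -> HTTP {status}")
    print(dict(hits_per_client(found)))
```

A request that carries the action parameter in a POST body rather than the query string does not appear in an access log, so an empty result does not clear a device.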

Affected Version(s)

AX8 1.46.0

AX8 1.46.1

AX8 1.46.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

H0e4a0r1t (VulDB User)