Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection
Vulnerability Description
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Teledyne FLIR FB-Series O和Teledyne FLIR FH-Series ID 注入漏洞
Vulnerability Description
Teledyne FLIR FB-Series O和Teledyne FLIR FH-Series ID都是美国Teledyne FLIR公司的一系列热成像摄像头。 Teledyne FLIR FB-Series O和Teledyne FLIR FH-Series ID 1.3.2.16版本存在注入漏洞,该漏洞源于文件runcmd.sh中参数cmd的错误操作导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A