
CVE-2022-37061 PoC: Teledyne FLIR AX8 OS Command Injection Vulnerability

Associated Vulnerability
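Title: Teledyne FLIR AX8 OS Command Injection Vulnerability (CVE-2022-37061)
Description: Teledyne FLIR AX8 is a series of thermal monitoring cameras from the US company Teledyne FLIR. Teledyne FLIR AX8 thermal sensor cameras version 1.46.16 and earlier contain an OS command injection vulnerability, which arises because an attacker can use the id HTTP POST parameter of the res.php endpoint to cause arbitrary commands to be executed on the underlying operating system with root privileges.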
Description
FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulnerability. The vulnerability exists in the alarm functionality, where user-supplied input in the 'id' parameter is not properly sanitized, allowing attackers to inject and execute arbitrary OS commands.
File Snapshot

id: CVE-2022-37061
info:
  name: FLIR AX8 1.46.16 - Remote Command Injection
  author: ritikchaddha
...