CVE-2023-51126 PoC — Teledyne FLIR AX8 安全漏洞

Source

https://github.com/risuxx/CVE-2023-51126

Associated Vulnerability

Title:Teledyne FLIR AX8 安全漏洞 (CVE-2023-51126)
Description:Teledyne FLIR AX8是美国Teledyne FLIR公司的一系列热监控摄像头。 Teledyne FLIR AX8 存在安全漏洞，该漏洞源于 /usr/www/res.php 页面的 value 参数存在任意命令执行漏洞。

Readme

# CVE-2023-51126
FLIR AX8 up to 1.46.16 is vulnerable to command injection via /usr/www/res.php.

### VulnerabilityType Other
command injection

### Vendor of Product
FLIR

### Affected Component
in /usr/www/res.php. The parameter `value` can inject the command and exec it.

### Attack Type
Remote

### Impact Code execution
true

### Reference
https://aux1.preditec.com/

### Discoverer
Lin Xinkang from Wuhan University

This page will be used to disclose information about CVE-2023-51126, and may be updated with the PoC for the exploit later.

File Snapshot


 [4.0K]  /data/pocs/da07998a08f2cb13a54f7c45cf60f86fdea0d668
└── [ 548]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!