CVE-2024-3013
Published 2024-03-28
Priority: P2 · 67 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 22.99% (97.5th percentile)
A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flir | flir_ax8_firmware | 1.46.0 – 1.46.16 | — |
| teledyne_flir | ax8 | — | — |
The remaining 16 teledyne_flir / ax8 entries are identical to the last row above and carry no version or fix data.
Detection & IOCs
Snort rule (sid:2065893):

```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS FLIR test_login.php action Parameter Authentication Bypass Attempt (CVE-2024-3013)"; flow:established,to_server; http.uri; bsize:37; content:"/tools/test_login.php|3f|action|3d|register"; reference:url,www.cve.org/CVERecord?id=CVE-2024-3013; reference:cve,2024-3013; classtype:attempted-admin; sid:2065893; rev:1; metadata:affected_product FLIR, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_11_24, cve CVE_2024_3013, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_24, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
```
- The rule matches client-to-server HTTP requests whose normalized URI (http.uri) contains '/tools/test_login.php?action=register'; in the rule the '?' and '=' are written as the hex bytes '|3f|' and '|3d|'. It also requires the URI buffer to be exactly 37 bytes (bsize:37), which is the length of that string, so only the bare URI with no additional parameters fires the rule; this keeps false positives low at the cost of recall.
- The metadata classifies the attack as plaintext HTTP (tls_state: plaintext) from any external source to internal network assets (attack_target: Networking_Equipment) and recommends both perimeter and internal deployment points.
- Because the rule inspects plaintext HTTP only, it will not fire if the FLIR AX8 web interface is tunnelled or proxied over TLS in your environment; additional coverage (for example TLS termination in front of the sensor, or web-server log monitoring) is needed there.
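As an added example (not from the page, nor from Emerging Threats or the vendor), the following Python script re-implements the rule's http.uri conditions (bsize:37 plus the content string) as a retro-hunt over web-server access logs, and adds a broader query-aware check for comparison; the log lines and addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Conditions copied from the published rule (sid:2065893): the http.uri buffer
# must be exactly 37 bytes (bsize:37) and contain the content string, in which
# |3f| is '?' and |3d| is '='.
RULE_BSIZE = 37
RULE_CONTENT = b"/tools/test_login.php\x3faction\x3dregister"

# Constructed common-log-format lines (not real traffic; TEST-NET-1 addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Nov/2025:10:00:01 +0000] "POST /tools/test_login.php?action=register HTTP/1.1" 200 512
192.0.2.11 - - [24/Nov/2025:10:00:02 +0000] "GET /tools/test_login.php?action=login HTTP/1.1" 200 310
192.0.2.12 - - [24/Nov/2025:10:00:03 +0000] "POST /tools/test_login.php?action=register&v=1 HTTP/1.1" 200 512
192.0.2.13 - - [24/Nov/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def rule_matches_uri(uri: str) -> bool:
    """Emulate the rule's http.uri checks: exact buffer size, then content."""
    buf = uri.encode()
    return len(buf) == RULE_BSIZE and RULE_CONTENT in buf


def broad_matches_uri(uri: str) -> bool:
    """Query-aware check for log hunting: same path and action=register,
    independent of parameter order or extra parameters (more recall,
    less precision than the rule's exact-size match)."""
    parts = urlsplit(uri)
    return (parts.path == "/tools/test_login.php"
            and "register" in parse_qs(parts.query).get("action", []))


def hunt(log_text: str, matcher=rule_matches_uri) -> list:
    """Return parsed log entries whose request URI satisfies `matcher`."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and matcher(m["uri"]):
            hits.append({k: m[k] for k in ("src", "ts", "method", "uri", "status")})
    return hits


if __name__ == "__main__":
    for name, fn in (("sid:2065893", rule_matches_uri), ("broad", broad_matches_uri)):
        for h in hunt(SAMPLE_LOG, fn):
            print(f"[{name}] {h['ts']} {h['src']} {h['method']} {h['uri']} -> {h['status']}")
```

Only the first constructed line satisfies the exact-size rule; the broad check additionally reports the third, which illustrates why a 200 response to this endpoint in the logs deserves review even when the rule stays quiet.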
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Suricata
ET WEB_SPECIFIC_APPS FLIR test_login.php action Parameter Authentication Bypass Attempt (CVE-2024-3013)
suricata · 2025-11-24 · CVSS 5.3 · [MEDIUM]
Rule: identical to the Snort rule listed under Detection & IOCs above (sid:2065893, rev:1).
No public exploits indexed.
No writeups or analysis indexed.
References
- https://h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%20Fixed%20Thermal%20Cameras%20Register%20any%20user%20in%20the%20background--test_login.php.pdf
- https://vuldb.com/?ctiid.258299
- https://vuldb.com/?id.258299
- https://vuldb.com/?submit.301588