Flir Ax8 Firmware vulnerabilities
14 known vulnerabilities affecting flir/flir_ax8_firmware.
Total CVEs
14
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH6MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-37061P1CRITICALCVSS 9.8ExploitedPoC≤ 1.46.162022-08-18
CVE-2022-37061 [CRITICAL] CWE-78 CVE-2022-37061: All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Com
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the under
nvd
CVE-2023-51126P2CRITICALCVSS 9.8≤ 1.46.162024-01-10
CVE-2023-51126 [CRITICAL] CWE-77 CVE-2023-51126: Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to ru
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 20
nvd
CVE-2024-3013P2HIGHCVSS 8.8≥ 1.46.0, ≤ 1.46.162024-03-28
CVE-2024-3013 [HIGH] CWE-266 CVE-2024-3013: A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown functio
A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to versio
nvd
CVE-2018-25138P2CRITICALCVSS 9.8v1.32.16v1.17.132025-12-24
CVE-2018-25138 [CRITICAL] CWE-798 CVE-2018-25138: FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be cha
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
nvd
CVE-2025-5126P2HIGHCVSS 8.8≥ 1.46.0, ≤ 1.46.162025-05-24
CVE-2025-5126 [HIGH] CWE-74 CVE-2025-5126: A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the functio
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be
nvd
CVE-2022-4364P2CRITICALCVSS 9.8≥ 1.46.0, < 1.46.162022-12-08
CVE-2022-4364 [CRITICAL] CWE-74 CVE-2022-4364: A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some un
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and m
nvd
CVE-2022-37060P3HIGHCVSS 7.5≤ 1.46.162022-08-18
CVE-2022-37060 [HIGH] CWE-22 CVE-2022-37060: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Trave
FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. NOTE: The ve
nvd
CVE-2025-6266P3CRITICALCVSS 9.8fixed in 1.49.162025-06-19
CVE-2025-6266 [CRITICAL] CWE-284 CVE-2025-6266: A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an u
A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresse
nvd
CVE-2022-37062P3HIGHCVSS 7.5≤ 1.46.162022-08-18
CVE-2022-37062 [HIGH] CWE-306 CVE-2022-37062: All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker
nvd
CVE-2023-51127P3HIGHCVSS 7.5v1.46.162024-01-10
CVE-2023-51127 [HIGH] CWE-22 CVE-2023-51127: FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal du
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. NOTE: The vendor has stated that with the introduction of fir
nvd
CVE-2018-25139P3HIGHCVSS 7.5v1.32.16v1.17.132025-12-24
CVE-2018-25139 [HIGH] CWE-306 CVE-2018-25139: FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attacke
FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.
nvd
CVE-2025-5695P3MEDIUMCVSS 4.7≥ 1.46.0, ≤ 1.46.162025-06-05
CVE-2025-5695 [MEDIUM] CWE-74 CVE-2025-5695: A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscri
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclose
nvd
CVE-2025-5127P4MEDIUMCVSS 5.4≥ 1.46.0, ≤ 1.46.162025-05-24
CVE-2025-5127 [MEDIUM] CWE-79 CVE-2025-5127: A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown p
A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 is capable of add
nvd
CVE-2022-37063P4MEDIUMCVSS 5.4≤ 1.46.162022-08-18
CVE-2022-37063 [MEDIUM] CWE-79 CVE-2022-37063: All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Sit
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code. NOTE: The v
nvd