cvedb.io
CVE-2022-4364
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2022-12-08T15:15:10.080 · Last modified 2026-06-17T05:20:42.047

Summary

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

Affected products

flir — flir_ax8_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when flir ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.