漏洞描述
【漏洞对象】FLIR AX8 Thermal Camera 【涉及版本】FLIR AX8 Thermal Camera 1.32.16 【漏洞描述】 FLIRAX8 Thermal Camera1.32.16设备在其Linux发行版中使用了硬编码和凭证。这些凭证集(SSH)不能通过相机的任何正常操作进行更改。攻击者可以利用这一点通过使用web面板的默认凭证登录或获取漏洞shell访问。
FLIR AX8 Thermal Camera 1.32.16-硬编码凭证
PoC代码
暂无相关漏洞推荐
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2017-17762: Episerver 7 - Blind XML External Entity Injection
- POC CVE-2017-18580: WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
- POC CVE-2017-20192: Formidable Forms < 2.05.02 - Cross-Site Scripting
- POC CVE-2018-10245: AWStats <= 7.5 - Full Path Disclosure
- POC CVE-2018-6961: VMware NSX SD-WAN Edge - Command Injection
- POC CVE-2018-9206: Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2019-15823: WPS Hide Login <= 1.5.2.2 - Login Page Bypass