CVE-2023-46294

LOW

Teledyne FLIR M300 <2.00-19 - Info Disclosure

Title source: llm

Description

An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.

Exploits (1)

gitlab WRITEUP

by Manouchehri · poc

https://gitlab.com/Manouchehri/cve-2023-46294

View Code ZIP pw:eip

References (2)

[Various Sources] https://Loudmouth.io

[Various Sources] https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-46294

Scores

CVSS v3 3.4

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-312

Status published

Published May 01, 2024

Tracked Since Feb 18, 2026