CVE-2023-51126

CRITICAL

FLIR AX8 <1.49.16 - Command Injection

Title source: llm

Description

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

Exploits (1)

nomisec WRITEUP 1 stars

by risuxx · poc

https://github.com/risuxx/CVE-2023-51126

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/risuxx/CVE-2023-51126

Scores

CVSS v3 9.8

EPSS 0.1623

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

flir/flir_ax8_firmware < 1.46.16

Published Jan 10, 2024

Tracked Since Feb 18, 2026