CVE-2023-51126

CRITICAL

FLIR AX8 <1.49.16 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-51126. PoCs published by risuxx.

AI-analyzed exploit summary: The repository describes a command injection vulnerability in FLIR AX8 up to version 1.46.16, where the `value` parameter in `/usr/www/res.php` can be exploited for remote code execution. The README provides technical details about the affected component and attack type but lacks a functional PoC.

Description

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

Exploits (1)

nomisec WRITEUP 1 stars
by risuxx · poc
https://github.com/risuxx/CVE-2023-51126


Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: FLIR AX8 up to 1.46.16
No auth needed
Prerequisites: Network access to the vulnerable endpoint
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.8
EPSS 0.3110
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-77
Status published
Products (1)
flir/flir_ax8_firmware < 1.46.16
Published Jan 10, 2024
Tracked Since Feb 18, 2026