EIP-2026-101735

PRE-CVE

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101735. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated arbitrary file disclosure vulnerability in FLIR AX8 Thermal Camera firmware versions 1.32.16 and 1.17.13. The vulnerability allows an attacker to read sensitive files by manipulating the 'file' parameter in the download.php script.

Description

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45597

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated arbitrary file disclosure vulnerability in FLIR AX8 Thermal Camera firmware versions 1.32.16 and 1.17.13. The vulnerability allows an attacker to read sensitive files by manipulating the 'file' parameter in the download.php script.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FLIR AX8 Thermal Camera (Firmware: 1.32.16, 1.17.13)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026