
Lin Xinkang

Researcher from Wuhan University
#15693 of 53,638
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2024-14053
9.8
2024-01-01
Flir · Flir Ax8 · CVE-2023-51126
**Name of the Vulnerable Software and Affected Versions** FLIR AX8 versions up to 1.46.16

**Description** A command injection issue exists in the /usr/www/res.php file, allowing attackers to execute arbitrary commands by manipulating the `value` parameter.

**Recommendations** For FLIR AX8 versions up to 1.46.16, update to a version later than 1.46.16 to resolve the issue. As a temporary workaround, consider restricting access to the /usr/www/res.php file to minimize the risk of exploitation. Avoid using the `value` parameter in the affected endpoint until the issue is resolved.
PT-2024-14054
7.5
2024-01-01
Flir · Flir Ax8 · CVE-2023-51127
**Name of the Vulnerable Software and Affected Versions** FLIR AX8 thermal sensor cameras up to and including 1.46.16

**Description** The issue is related to Directory Traversal due to improper access restriction, allowing an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.

**Recommendations** For FLIR AX8 thermal sensor cameras up to and including 1.46.16, consider restricting access to the upload feature to prevent exploitation until a patch is available. As a temporary workaround, avoid using the upload feature for symbolic link files until the issue is resolved.