PT-2022-23777 · Flir · Flir Ax8

Published: 2022-08-18 · Updated: 2025-10-17 · CVE-2022-37061

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FLIR AX8 thermal sensor cameras, versions up to and including 1.46.16

Description

The issue allows remote command injection: an attacker can inject and execute arbitrary shell commands as the root user through the "id" HTTP POST parameter of the "res.php" endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Recommendations

For FLIR AX8 thermal sensor cameras, versions up to and including 1.46.16, consider disabling access to the "res.php" endpoint until a patch is available. As a temporary workaround, restrict the use of the "id" parameter in HTTP POST requests to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-37061

Affected Products

Flir Ax8