PT-2022-23778 · Flir · Flir Ax8

Published: 2022-08-18 · Updated: 2025-10-17 · CVE-2022-37062

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras, versions up to and including 1.46.16

Description: The issue is due to an improper directory access restriction. An unauthenticated, remote attacker can exploit it by sending a URI that contains the path of the SQLite users database and downloading the file. A successful exploit could allow the attacker to extract usernames and hashed passwords.

Recommendations: For versions up to and including 1.46.16, update to a version later than 1.46.16 to resolve the issue. As a temporary workaround, consider restricting access to the SQLite users database to minimize the risk of exploitation. Avoid using URIs that contain the path of the SQLite users database until the issue is resolved.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-37062

Affected Products

Flir Ax8