PT-2024-13349 · Teledyne Flir · Teledyne Flir M300

Published: 2024-05-01 · Updated: 2024-07-03 · CVE-2023-46295

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Teledyne FLIR M300 versions 2.00 through 2.00-19

Description

An issue was discovered in the web server of the affected software that allows unauthenticated remote code execution. It can be exploited by sending a POST request to the vulnerable PHP page, and an attacker may then be able to elevate to root permissions with Sudo.

Recommendations

For Teledyne FLIR M300 versions 2.00 through 2.00-19, consider disabling the vulnerable PHP page until a patch is available to prevent exploitation. Restrict access to the web server to minimize the risk of remote code execution. Avoid Sudo permissions that would let an attacker elevate their privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-46295

Affected Products

Teledyne Flir M300