PT-2025-29428 · Teledyne Flir · Teledyne Flir Fb-Series O+1
Waiwai24
·
Published
2025-07-14
·
Updated
2025-07-14
·
CVE-2025-7578
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
Teledyne FLIR FB-Series O and FLIR FH-Series version 1.3.2.16
Description:
A critical issue exists in the
sendCommand function of the runcmd.sh file. Manipulation of the cmd argument can lead to command injection. The attack can be initiated remotely, but is considered complex and difficult to exploit. The functionality is currently disabled due to server CGI configuration errors, but is considered a potential risk. The vendor was contacted but did not respond.Recommendations:
Versions prior to 1.3.2.16: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Flir Fh-Series Id
Teledyne Flir Fb-Series O