CVE-2023-51126

Published: Jan 10, 2024Modified: Oct 17, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

Affected (1)

Products: Flir: Flir Ax8 Firmware

1 product

Flir Ax8 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Flir Flir Ax8 Firmware	Up to 1.46.16

Running on/with	Platform Versions
Flir Flir Ax8	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://github.com/risuxx/CVE-2023-51126

Source: cve@mitre.org

Third Party Advisory

https://github.com/risuxx/CVE-2023-51126

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.