VYPR

Ax8

by Flir

CVEs (14)

  • CVE-2022-37061CriAug 18, 2022
    risk 0.75cvss 9.8epss 1.00

    All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful…

  • CVE-2023-51126CriJan 10, 2024
    risk 0.66cvss 9.8epss 0.31

    Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be…

  • CVE-2025-5126HigMay 24, 2025
    risk 0.58cvss 8.8epss 0.05

    A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The…

  • CVE-2022-37060HigAug 18, 2022
    risk 0.50cvss 7.5epss 0.15

    FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the…

  • CVE-2023-51127HigJan 10, 2024
    risk 0.49cvss 7.5epss 0.01

    FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted…

  • CVE-2022-37062HigAug 18, 2022
    risk 0.49cvss 7.5epss 0.03

    All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite…

  • CVE-2022-4364HigDec 8, 2022
    risk 0.48cvss 7.3epss 0.04

    A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be…

  • CVE-2024-3013MedMar 28, 2024
    risk 0.43cvss 6.3epss 0.23

    A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from…

  • CVE-2025-6266MedJun 19, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The…

  • CVE-2022-37063MedAug 18, 2022
    risk 0.35cvss 5.4epss 0.01

    All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit…

  • CVE-2025-5695MedJun 5, 2025
    risk 0.31cvss 4.7epss 0.08

    A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection.…

  • CVE-2025-5127LowMay 24, 2025
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly…

  • CVE-2018-25139Dec 24, 2025
    risk 0.00cvss epss 0.00

    FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

  • CVE-2018-25138Dec 24, 2025
    risk 0.00cvss epss 0.01

    FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using…