CVE-2022-4364

CVE Database · CVE-2022-4364

CVE-2022-4364

· HIGHModified

CVSS v3.1

7.3

CVSS v4.0

5.5

EPSS

4.20%

Published

Dec 8, 2022

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-74CWE-77CWE-78

Affected Products (2)

flir · flir_ax8_firmware (up to 1.46.16)vulnerable

flir · flir_ax8

References (6)

https://github.com/siriuswhiter/VulnHub/blob/main/Flir/02-FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/FLIR-AX8%20palette.php%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E1.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.215118

https://vuldb.com/?id.215118

Third Party Advisory

https://vuldb.com/?submit.55748

ExploitThird Party Advisory

https://vuldb.com/?id.215118

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs