CVE-2024-3013

CVE Database · CVE-2024-3013

CVE-2024-3013

· MEDIUMModified

CVSS v3.1

6.3

CVSS v4.0

2.1

EPSS

22.99%

Published

Mar 27, 2024

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-266CWE-285

Affected Products (2)

flir · flir_ax8_firmwarevulnerable

flir · flir_ax8

References (8)

https://h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%20Fixed%20Thermal%20Cameras%20Register%20any%20user%20in%20the%20background--test_login.php.pdf

Broken Link

https://vuldb.com/?ctiid.258299

Permissions RequiredVDB Entry