What is CVE-2022-37061?

CVE-2022-37061 is a vulnerability in N/a. Published 2022-08-18.

Is CVE-2022-37061 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in…

EPSS: 0.935 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
12442RF/POC
ARPSyndicate/cvemon
DMW11525708/wiki
Lern0n/Lernon-POC
adysec/POC
eeeeeeeeee-code/POC
fkie-cad/nvd-json-data-feeds
h00die-gr3y/Metasploit
laoa1573/wy876

References

www.flir.com/products/ax8-automation/
gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899
packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution…
packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-…
packetstormsecurity.com/files/169701/FLIR-AX8-1.46.16-Remote-Command-Injection…
www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5491.php
github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2022-36266/FLIR AX8 Unauthenticated…

Frequently asked questions

What is CVE-2022-37061?: CVE-2022-37061 is a vulnerability in N/a. Published 2022-08-18.
Is CVE-2022-37061 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.