ID

VAR-202212-0903


CVE

CVE-2022-4364


TITLE

OS command injection vulnerability in FLIR Systems, Inc. flir ax8 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-023136

DESCRIPTION

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. It affects unknown functionality of the file palette.php in the Web Service Handler component. Manipulation of the argument palette leads to command injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue, and upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities." The flir ax8 firmware from FLIR Systems, Inc. contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). VDB-215118 is the identifier assigned to this vulnerability.

Trust: 1.71

sources: NVD: CVE-2022-4364 // JVNDB: JVNDB-2022-023136 // VULMON: CVE-2022-4364

AFFECTED PRODUCTS

vendor: flir, model: ax8, scope: lt, version: 1.46.16

Trust: 1.0

vendor: flir, model: ax8, scope: gte, version: 1.46.0

Trust: 1.0

vendor: flir, model: ax8, scope: -, version: -

Trust: 0.8

vendor: flir, model: ax8, scope: eq, version: flir ax8 firmware 1.46.0 that's all 1.46.16

Trust: 0.8

vendor: flir, model: ax8, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023136 // NVD: CVE-2022-4364

CVSS

SEVERITY

cna@vuldb.com: CVE-2022-4364
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-4364
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-4364
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202212-2736
value: CRITICAL

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2022-4364
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CVSSV3

cna@vuldb.com: CVE-2022-4364
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-4364
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-4364
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNNVD: CNNVD-202212-2736 // JVNDB: JVNDB-2022-023136 // NVD: CVE-2022-4364 // NVD: CVE-2022-4364

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023136 // NVD: CVE-2022-4364

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2736

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202212-2736

EXTERNAL IDS

db: NVD, id: CVE-2022-4364

Trust: 3.3

db: VULDB, id: 215118

Trust: 2.5

db: JVNDB, id: JVNDB-2022-023136

Trust: 0.8

db: CNNVD, id: CNNVD-202212-2736

Trust: 0.6

db: VULMON, id: CVE-2022-4364

Trust: 0.1

sources: VULMON: CVE-2022-4364 // CNNVD: CNNVD-202212-2736 // JVNDB: JVNDB-2022-023136 // NVD: CVE-2022-4364

REFERENCES

url:https://vuldb.com/?id.215118

Trust: 2.5

url:https://github.com/siriuswhiter/vulnhub/blob/main/flir/02-flir-ax8%20palette.php%20%e5%91%bd%e4%bb%a4%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9e/flir-ax8%20palette.php%20%e5%91%bd%e4%bb%a4%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9e1.md

Trust: 2.5

url:https://vuldb.com/?ctiid.215118

Trust: 1.0

url:https://vuldb.com/?submit.55748

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-4364

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-4364/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/707.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-4364 // CNNVD: CNNVD-202212-2736 // JVNDB: JVNDB-2022-023136 // NVD: CVE-2022-4364

SOURCES

db: VULMON, id: CVE-2022-4364
db: CNNVD, id: CNNVD-202212-2736
db: JVNDB, id: JVNDB-2022-023136
db: NVD, id: CVE-2022-4364

LAST UPDATE DATE

2025-10-15T23:49:27.607000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-4364, date: 2022-12-08T00:00:00
db: CNNVD, id: CNNVD-202212-2736, date: 2023-07-07T00:00:00
db: JVNDB, id: JVNDB-2022-023136, date: 2023-11-27T07:59:00
db: NVD, id: CVE-2022-4364, date: 2025-10-15T14:15:37.370

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-4364, date: 2022-12-08T00:00:00
db: CNNVD, id: CNNVD-202212-2736, date: 2022-12-08T00:00:00
db: JVNDB, id: JVNDB-2022-023136, date: 2023-11-27T00:00:00
db: NVD, id: CVE-2022-4364, date: 2022-12-08T15:15:10.080