ID

VAR-202401-0404


CVE

CVE-2023-51126


DESCRIPTION

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the reported vulnerability. The latest firmware version (as of Oct 2025; released Jun 2024) is 1.55.16.

Trust: 1.0

sources: NVD: CVE-2023-51126

AFFECTED PRODUCTS

vendor: flir, model: ax8, scope: lte, version: 1.46.16

Trust: 1.0

sources: NVD: CVE-2023-51126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-51126
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-51126
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2023-51126
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: NVD: CVE-2023-51126 // NVD: CVE-2023-51126

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

sources: NVD: CVE-2023-51126

PATCH

title: CVE-2023-51126, url: https://github.com/risuxx/CVE-2023-51126

Trust: 0.1

sources: VULMON: CVE-2023-51126

EXTERNAL IDS

db: NVD, id: CVE-2023-51126

Trust: 1.1

db: VULMON, id: CVE-2023-51126

Trust: 0.1

sources: VULMON: CVE-2023-51126 // NVD: CVE-2023-51126

REFERENCES

url: https://github.com/risuxx/cve-2023-51126

Trust: 1.1

sources: VULMON: CVE-2023-51126 // NVD: CVE-2023-51126

SOURCES

db: VULMON, id: CVE-2023-51126
db: NVD, id: CVE-2023-51126

LAST UPDATE DATE

2025-10-18T23:12:14.232000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2023-51126, date: 2025-10-17T20:15:36.343

SOURCES RELEASE DATE

db: NVD, id: CVE-2023-51126, date: 2024-01-10T21:15:09.083