ID

VAR-202403-1099


CVE

CVE-2024-3013


TITLE

FLIR Systems, Inc. FLIR AX8 firmware authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-025053

DESCRIPTION

A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The FLIR AX8 firmware from FLIR Systems, Inc. contains an authorization vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-3013 // JVNDB: JVNDB-2024-025053

AFFECTED PRODUCTS

vendor: flir, model: ax8, scope: gte, version: 1.46.0

Trust: 1.0

vendor: flir, model: ax8, scope: lte, version: 1.46.16

Trust: 1.0

vendor: flir, model: ax8, scope: eq, version: flir ax8 firmware 1.46.0 to 1.46.16

Trust: 0.8

vendor: flir, model: ax8, scope: -, version: -

Trust: 0.8

vendor: flir, model: ax8, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-025053 // NVD: CVE-2024-3013

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-3013
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-3013
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-025053
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2024-3013
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-025053
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-3013
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-3013
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-025053
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-025053 // NVD: CVE-2024-3013 // NVD: CVE-2024-3013

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.0

problemtype:Inappropriate authorization (CWE-285) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-025053 // NVD: CVE-2024-3013

EXTERNAL IDS

db: NVD, id: CVE-2024-3013

Trust: 2.6

db: VULDB, id: 258299

Trust: 1.8

db: JVNDB, id: JVNDB-2024-025053

Trust: 0.8

sources: JVNDB: JVNDB-2024-025053 // NVD: CVE-2024-3013

REFERENCES

url:https://vuldb.com/?id.258299

Trust: 1.8

url:https://vuldb.com/?submit.301588

Trust: 1.8

url:https://vuldb.com/?ctiid.258299

Trust: 1.0

url:https://h0e4a0r1t.github.io/2024/vulns/flir-ax8%20fixed%20thermal%20cameras%20register%20any%20user%20in%20the%20background--test_login.php.pdf

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-3013

Trust: 0.8

sources: JVNDB: JVNDB-2024-025053 // NVD: CVE-2024-3013

SOURCES

db: JVNDB, id: JVNDB-2024-025053
db: NVD, id: CVE-2024-3013

LAST UPDATE DATE

2025-06-18T23:24:14.525000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-025053, date: 2025-06-16T01:08:00
db: NVD, id: CVE-2024-3013, date: 2025-06-12T23:23:13

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-025053, date: 2025-06-16T00:00:00
db: NVD, id: CVE-2024-3013, date: 2024-03-28T01:15:47.997