FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root

Discussion in 'News Aggregator' started by Packet Storm, 26 Sep 2017.

  1. Packet Storm

    Packet Storm Guest

    FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

    Continue reading...
     

Share This Page

Loading...