Security Advisory

CVE-2023-51126

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-10 00:00:00
Last updated 2025-10-17 19:14:35
Assigner mitre
State PUBLISHED

Description

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.