CVE-2023-51126
high-risk
Published 2024-01-10
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
Do I need to act?
!
25.3% chance of exploitation in next 30 days
EPSS score — higher than 75% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (2)
Third Party Advisory
https://github.com/risuxx/CVE-2023-51126
Third Party Advisory
https://github.com/risuxx/CVE-2023-51126
52
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
15/34 · Moderate
Exposure
5/34 · Minimal