CVE-2018-25138

Critical CVSS: 9.3

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.

Vendor

Flir

Product

Flir Ax8 Firmware

CWE

CWE-798

Yayın Tarihi

2025-12-24 20:15:47

Güncelleme

2026-01-05 14:15:50

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-798 Flir Ax8 Firmware CRITICAL Flir 2025

Referanslar

https://www.exploit-db.com/exploits/45629 https://www.flir.com https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5494.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5494.php

Benzer Kayıtlar

High

CVE-2018-25139

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live vi…

Medium

CVE-2025-6266

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality…

Medium

CVE-2025-5695

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe…

Medium

CVE-2025-5127

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the fil…

High

CVE-2025-5126

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the…