CVE-2022-37062

Public Exploit

Description

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.96% Top 25%
Vendor Advisory flir.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://www.flir.com/products/ax8-automation/ product vendor advisory
https://gist.github.com/Nwqda/9e16852ab7827dc62b8e44d6180a6899 exploit mitigation third party advisory
http://packetstormsecurity.com/files/168116/FLIR-AX8-1.46.16-Traversal-Access-Control-Command-Injection-XSS.html broken link

Frequently Asked Questions

What is the severity of CVE-2022-37062?
CVE-2022-37062 has been scored as a high severity vulnerability.
How to fix CVE-2022-37062?
To fix CVE-2022-37062, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-37062 being actively exploited in the wild?
It is possible that CVE-2022-37062 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.