CVE-2025-7578
Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights, that "[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a 'time bomb' waiting to be activated". The vendor was contacted early about this disclosure but did not respond in any way.
In Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion sendCommand der Datei runcmd.sh. Durch Manipulation des Arguments cmd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig.
| 2025-07-13: | Advisory disclosed |
| 2025-07-13: | VulDB entry created |
| 2025-07-13: | VulDB entry last update |
waiwai24 (VulDB User)
vuldb.com/?id.316276 (VDB-316276 | Teledyne FLIR FB-Series O/FLIR FH-Series ID runcmd.sh sendCommand command injection)
vuldb.com/?ctiid.316276 (VDB-316276 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.609551 (Submit #609551 | FLIR FLIR FB-Series O FLIR FB-Series O and ID Firmware, Version 1.3.2.16 Command Injection)
github.com/...on_Vulnerability_in_Developer_Backdoor_Page.md
Support options
