Key Information Vulnerability Description Vulnerability Type: Command Injection Vulnerability Affected File: Affected Versions: FLIR AX8 up to 1.46.16 Affected Function: Exploitation Method Attackers can execute arbitrary commands via the function. Notes This vulnerability is a backend issue and requires obtaining a cookie to exploit. A cookie can be obtained by exploiting an unauthenticated user registration vulnerability located at , enabling Remote Code Execution (RCE). Under normal circumstances, a weak password vulnerability exists; default credentials are 'admin', which can also be used to obtain the cookie. POC (Proof of Concept) Analysis The function on line 184 triggers command execution via , where the parameter is user-controlled.