Title: FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access
Advisory ID: ZSL-2018-5494
Type: Local/Remote
Impact: System Access, DoS
Risk: 5/5
Release Date: 14.10.2018

Summary
The FLIR AX8 Thermal Camera has hard-coded credentials, allowing potential for shell access. The credentials cannot be changed through normal user interaction.

Vendor
FLIR Systems, Inc. - https://www.flir.com

Affected Version
Firmware: 1.32.16, 1.17.13
OS: neo_v1.8-0-g7ffe5b3
Hardware: Flir Systems Neo Board

Vendor Status
26.07.2018: Vulnerability discovered
17.08.2018: Vendor contacted
17.08.2018: Vendor forwarded message to appropriate team
17.08.2018: Vendor requested more details
21.08.2018: Requested PGP key from vendor
23.08.2018: Vendor sent PGP key
27.08.2018: Sent details to vendor
29.08.2018: Vendor confirmed issue and working on patches
29.08.2018: Working with vendor
10.10.2018: Vendor updated following cyber security guide
14.10.2018: Coordinated public security advisory released

PoC
flir_ax8_creds.txt

Credits
Vulnerability discovered by Gjoko Krstic

References
1. https://www.flir.com/security/best-practices-for-cybersecurity/
2. https://www.flir.com/globalassets/security/flir-pro-security-cyber-hardening-guide.pdf
3. https://www.flir.com/globalassets/security/cybersecurity-bulletin-10-12-18.pdf
4. https://packetstormsecurity.com/files/149800
5. https://www.exploit-db.com/exploits/45629/
6. https://exchange.xforce.ibmcloud.com/vulnerabilities/151332
7. https://www.flir.com/globalassets/industrial/security/cybersecurity-bulletin-10-12-18.pdf
8. https://www.flir.com/globalassets/industrial/security/flir-pro-security-cyber-hardening-guide.pdf

Changelog
14.10.2018: Initial release
15.10.2018: Added reference [4]
17.10.2018: Added reference [5]
18.10.2018: Added reference [6]
04.11.2022: Added references [7] and [8]