FLIR AX8 Unrestricted File Upload Vulnerability

Vulnerability

A critical vulnerability allowing unauthorized file uploads has been identified in the FLIR AX8 camera, affecting versions through 1.46. The issue resides in the file '/upload.php', where the 'File' argument can be manipulated to bypass upload restrictions. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows an attacker to upload arbitrary files to the camera. If the application later processes or serves an uploaded file, this can lead to further compromise of the device or unauthorized access.

Reproduction

The vulnerability can be reproduced by sending a request to the '/upload.php' endpoint with a manipulated 'File' argument that bypasses the file type restrictions. This can be done remotely, and the vulnerability can be found using Google Hacking by searching for 'inurl:upload.php'.
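For defenders who cannot patch (the page lists no remediation), the most useful artefact is a detection rule. The block below is an added example, not code from the page or from FLIR: it scans web-server access logs in the common "combined" format and flags (a) POST requests to the '/upload.php' endpoint named above and (b) subsequent fetches of script-like files from an upload directory. The log format, the '/uploads/' directory and the sample lines are assumptions constructed for the example; the page does not document where the camera stores uploaded files.

```python
import re

# Apache/nginx "combined" access-log line (assumed format), e.g.
# 203.0.113.7 - - [19/Jun/2025:12:16:00 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "curl/8.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Extensions that an embedded web server might execute; a fetch of one of these
# from the upload area is a strong sign that the upload filter was bypassed.
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".cgi", ".sh", ".pl", ".py")

# Assumed location where /upload.php writes files (not documented on the page).
UPLOAD_DIR = "/uploads/"

# Constructed sample lines for the example; not real camera logs.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jun/2025:12:16:00 +0000] "GET /index.html HTTP/1.1" 200 3400 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Jun/2025:12:16:03 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [19/Jun/2025:12:16:05 +0000] "GET /uploads/dropped.php HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.5 - - [19/Jun/2025:12:20:00 +0000] "GET /uploads/snapshot.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_events(log_text):
    """Return (reason, source_ip, request_path) tuples worth alerting on."""
    events = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        # Compare on the path only, ignoring any query string and letter case.
        path_only = rec["path"].split("?", 1)[0].lower()
        if rec["method"] == "POST" and path_only == "/upload.php":
            events.append(("upload-endpoint-post", rec["ip"], rec["path"]))
        elif path_only.startswith(UPLOAD_DIR) and path_only.endswith(SCRIPT_EXTS):
            events.append(("script-under-upload-dir", rec["ip"], rec["path"]))
    return events


def ips_with_upload_and_script_fetch(events):
    """Sources that both hit the upload endpoint and fetched a script: the highest-confidence signal."""
    posted = {ip for reason, ip, _ in events if reason == "upload-endpoint-post"}
    fetched = {ip for reason, ip, _ in events if reason == "script-under-upload-dir"}
    return sorted(posted & fetched)


if __name__ == "__main__":
    found = flag_events(SAMPLE_LOG)
    for ev in found:
        print(ev)
    print("high-confidence sources:", ips_with_upload_and_script_fetch(found))
```

On the sample data the scan reports two events and one high-confidence source; on real logs, tune UPLOAD_DIR to the device's actual upload location and treat any POST to '/upload.php' from outside the management network as worth investigating on its own, since the page states the endpoint is reachable remotely.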

Added: Jun 19, 2025, 12:16 PM
Updated: Jun 19, 2025, 12:16 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread            1.4
  impact            7.5
  exploitability    9.1
  remediation       0.0
  relevance         0.2
  threat            6.4
  urgency           2.9
  incentive        10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.