Cyber Resilience

CVE-2023-51126

Critical · RCE

Published: 10 January 2024

Modified: 17 October 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1623 (95.0th percentile)
Risk Priority: 29 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-51126 is a critical-severity command injection (CWE-77) vulnerability in FLIR AX8 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 5.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-51126 is a command injection vulnerability in the /usr/www/res.php endpoint of FLIR AX8 thermal cameras running firmware up to version 1.46.16. The flaw resides in the handling of the value parameter and is tracked under CWE-77, carrying a CVSS 3.1 score of 9.8.

Unauthenticated attackers with network access can supply crafted input to the parameter and execute arbitrary operating-system commands on the device, resulting in full confidentiality, integrity, and availability impact without any user interaction.

The vendor has stated that firmware 1.49.16, released in January 2023, resolves the issue; the current latest release is 1.55.16 from June 2024. Public references consist of a GitHub repository containing proof-of-concept material.

EPSS for the CVE rose from lower values to a peak of 0.2593 before receding to the current 0.1623, indicating measurable post-disclosure exploitation interest.

EU & UK References

Vulnerability details

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: flir
Product: flir ax8 firmware
Affected versions: ≤ 1.46.16

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References