CVE-2023-46295

9.8 CRITICAL

📋 TL;DR

This critical vulnerability allows unauthenticated attackers to execute arbitrary code on Teledyne FLIR M300 thermal camera systems by sending a malicious POST request to a vulnerable PHP page. Successful exploitation grants root privileges via sudo, enabling complete system compromise. All systems running the affected firmware version are vulnerable.

💻 Affected Systems

Products:
  • Teledyne FLIR M300
Versions: 2.00-19
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All systems running the vulnerable firmware version are affected by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with root access, allowing attackers to install persistent malware, steal sensitive data, pivot to other network devices, or render the camera inoperable.

🟠 Likely Case

Unauthenticated remote code execution leading to camera compromise, surveillance disruption, credential theft, and lateral movement within the network.

🟢 If Mitigated

Limited impact if cameras are isolated in separate VLANs with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - Web interface is typically exposed and vulnerable to unauthenticated attacks from the internet.
🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and provides root access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted POST request to the vulnerable PHP endpoint. Public disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later than 2.00-19 (check vendor for specific version)

Vendor Advisory: https://www.flir.com/support-center/security/

Restart Required: Yes

Instructions:

  1. Check current firmware version.
  2. Download latest firmware from FLIR support portal.
  3. Upload firmware via web interface.
  4. Apply update.
  5. Reboot camera.

🔧 Temporary Workarounds

Network Segmentation

Isolate FLIR M300 cameras in a separate VLAN with strict firewall rules blocking external access.

Web Interface Access Restriction

Configure firewall to allow web interface access only from trusted management IP addresses.

🧯 If You Can't Patch

  • Immediately disconnect vulnerable cameras from internet-facing networks
  • Implement strict network segmentation and monitor for suspicious POST requests to camera web interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: Settings > System > About. If version is 2.00-19, system is vulnerable.

Check Version:

Check via web interface or SSH if enabled: cat /etc/version

Verify Fix Applied:

Verify firmware version is updated to a version later than 2.00-19 via web interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to PHP pages
  • Sudden privilege escalation events
  • Unexpected process execution

Network Indicators:

  • POST requests to camera web interface from unexpected sources
  • Outbound connections from camera to suspicious IPs

SIEM Query:

source="camera_logs" AND ((method="POST" AND uri="*.php") OR event="privilege_escalation")
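
The indicators above, applied to web access logs, as an added example (not code from the vendor or from this advisory's source). It flags POST requests to PHP pages that come from outside a management allowlist. Assumptions: logs are in Common Log Format (for instance from a reverse proxy in front of the camera), the trusted subnet is a placeholder, and the sample lines and paths are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: Common Log Format; the camera's native log format is not given on this page.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Matches ".php" at the end of the path or before a PATH_INFO suffix, any case.
PHP_PATH = re.compile(r'\.php(/|$)', re.IGNORECASE)

# Assumption: placeholder subnet for hosts allowed to manage the camera.
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or unparsable sources count as untrusted
    return any(addr in net for net in TRUSTED)

def flag_suspicious(lines):
    """Return (line_no, src, path, status) for POSTs to PHP pages from untrusted sources."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m or m["method"] != "POST":
            continue
        path = urlsplit(m["target"]).path  # ignore the query string
        if PHP_PATH.search(path) and not is_trusted(m["src"]):
            hits.append((no, m["src"], path, int(m["status"])))
    return hits

# Constructed sample lines: documentation IP ranges, placeholder paths.
SAMPLE = [
    '192.0.2.5 - - [01/Nov/2023:10:00:01 +0000] "POST /example.php HTTP/1.1" 200 312',
    '203.0.113.77 - - [01/Nov/2023:10:02:13 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.77 - - [01/Nov/2023:10:02:14 +0000] "POST /example.php?x=1 HTTP/1.1" 200 87',
    '198.51.100.9 - - [01/Nov/2023:10:05:40 +0000] "POST /Example.PHP HTTP/1.1" 500 0',
    'malformed line',
]

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE):
        print("ALERT line %d: POST from %s to %s (status %d)" % hit)
```

Because the flaw needs no authentication, response status alone does not separate benign from malicious requests; the source allowlist is what carries the signal here.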
