Command injection vulnerability in /usr/www/application/models/settingscamera.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.