CVE-2017-20213 | THREATINT

Description

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

PUBLISHED Reserved 2026-01-06 | Published 2026-01-07 | Updated 2026-01-08 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Missing Authentication for Critical Function

Product status

8.0.0.64

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

cxsecurity.com/issue/WLB-2017090204 exploit

www.exploit-db.com/exploits/42789/ exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php (Zero Science Lab Vulnerability Advisory) third-party-advisory

www.exploit-db.com/exploits/42789/ (Exploit Database Entry 42789) exploit

packetstormsecurity.com/files/144323 (Packet Storm Security Exploit Archive) exploit

cxsecurity.com/issue/WLB-2017090204 (CXSecurity Vulnerability Listing) third-party-advisory

web.archive.org/....flir.com/security/blog/details/?ID=87043 (Archived FLIR Security Advisory) vendor-advisory patch

cve.org (CVE-2017-20213)

nvd.nist.gov (CVE-2017-20213)

Download JSON