Filtered by vendor Flir
Subscriptions
Filtered by product Thermal Camera
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20216 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 9.8 Critical |
| FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC). | ||||
| CVE-2017-20215 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 8.8 High |
| FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system. | ||||
| CVE-2017-20214 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 7.5 High |
| FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system. | ||||
| CVE-2017-20213 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 7.5 High |
| FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication. | ||||
| CVE-2017-20212 | 1 Flir | 1 Thermal Camera | 2026-01-08 | 6.2 Medium |
| FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication. | ||||
Page 1 of 1.