CVE-2017-20213

FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64 Unauthenticated Stream Disclosure

CVSS 8.7 HIGHEPSS 0.4%CWE-306

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

FLIR Systems, Inc. · FLIR Thermal Camera F/FC/PT/D Stream

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cxsecurity.com/issue/WLB-2017090204 https://packetstormsecurity.com/files/144323 https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043 https://www.exploit-db.com/exploits/42789/https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php